Subject: Verisign CRL single point of failure - msg#00065
List: encryption.general
--- begin forwarded text
Date: Thu, 8 Jan 2004 18:54:46 -0500 (EST)
From: Sean Donelan <sean@xxxxxxxxxxx>
To: nanog@xxxxxxxxx
Subject: Verisign CRL single point of failure
Sender: owner-nanog@xxxxxxxxx
Verisign's Certificate Revocation structure apparently was not
designed to handle the load of large numbers of systems using
crl.verisign.net. Verisign has introduced a 50% failure
mechanism to gap the load on their servers. This is a side
effect of the expiration of one of Verisign's Intermediate
Root Certificates.
Verisign has been redirecting traffic to several RFC1918 addresses,
which are not routable on the Internet but are frequently used
in enterprise networks. It is possible Verisign has created
a Denial of Service on Enterprise services using the same
RFC1918 addresses as internal systems checking for crl.verisign.net
are redirected to other RFC1918 addresses.
The consolidation of network power in a single company creates
its own threat to the critical infrastructure when a single
certificate expires instead of being randomly distributed among
several different organizations.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah@xxxxxxxx>
The Internet Bearer Underwriting Corporation < http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@xxxxxxxxxxxx
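The failure mode described in the forwarded post, a CRL hostname answering with RFC 1918 addresses that may overlap an enterprise's own addressing, can be checked from the client side. The following is an added example, not part of the original message: the addresses, the internal prefix and the service name are constructed sample data, and audit_crl_answers is a hypothetical helper.

```python
import ipaddress
import socket

# The three RFC 1918 blocks, checked explicitly: ipaddress.is_private also
# matches other special-purpose ranges, which is not the question here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (not taken from the 2004 incident).
# 198.51.100.0/24 is a documentation range standing in for routable servers.
SAMPLE_ANSWERS = ["198.51.100.10", "198.51.100.11", "198.51.100.12",
                  "10.0.0.1", "10.0.5.9", "192.168.0.1"]
SAMPLE_INTERNAL_PREFIXES = ["10.0.0.0/16"]   # prefixes the enterprise routes
SAMPLE_INTERNAL_SERVICES = {"10.0.0.1": "intranet web server"}


def is_rfc1918(addr):
    """True if addr is an IPv4 address inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def resolve(hostname):
    """Live lookup helper (needs network access; not used by the sample run)."""
    infos = socket.getaddrinfo(hostname, 80, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def audit_crl_answers(answers, internal_prefixes, internal_services):
    """Sort the DNS answers for a CRL host by where a fetch would end up.

    public            - not RFC 1918; the fetch leaves the network normally
    hits_service      - RFC 1918 address that is a known internal service,
                        which would receive the stray CRL requests
    routed_internally - RFC 1918 address inside a prefix the enterprise
                        routes, but with no known service on it
    no_route          - RFC 1918 address the enterprise does not use;
                        the fetch fails
    """
    prefixes = [ipaddress.ip_network(p) for p in internal_prefixes]
    report = {"public": [], "hits_service": {},
              "routed_internally": [], "no_route": []}
    for addr in answers:
        ip = ipaddress.ip_address(addr)
        if not is_rfc1918(addr):
            report["public"].append(addr)
        elif addr in internal_services:
            report["hits_service"][addr] = internal_services[addr]
        elif any(ip in p for p in prefixes):
            report["routed_internally"].append(addr)
        else:
            report["no_route"].append(addr)
    private = len(answers) - len(report["public"])
    # Share of answers that cannot reach a real CRL server from this network.
    report["rfc1918_fraction"] = private / len(answers) if answers else 0.0
    return report


if __name__ == "__main__":
    result = audit_crl_answers(SAMPLE_ANSWERS, SAMPLE_INTERNAL_PREFIXES,
                               SAMPLE_INTERNAL_SERVICES)
    for key, value in result.items():
        print(key, value)
```

To audit a live name, pass the output of resolve() for the CRL distribution point host as the first argument.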
Previous Message by Date:
Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]
Non-repudiation is really very simple in concept.
"The ability to prove to a third party that you (or someone else) was party
to a transaction".
There are a lot of problems regarding who the third party must be, what
constitutes "proof", etc., etc.
In the English common-law system, this is applied in various ways and times.
It all comes down to concepts of "reasonableness", "intent", "care" and so
on.
Can you say "convince the judge or jury of your peers" ?
The same is true for authentication.
John
On 1/7/04 15:06, "Anton Stiglic" <astiglic@xxxxxxxxx> wrote:
>
> ----- Original Message -----
> From: "Jerrold Leichter" <jerrold.leichter@xxxxxxxxxx>
> Cc: "Cryptography" <cryptography@xxxxxxxxxxxx>
> Sent: Wednesday, January 07, 2004 7:14 AM
> Subject: Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]
>
>
>> Now that we've trashed non-repudiation ... just how is it different from
>> authentication?
>
> I don't think the word "authentication" has the same problem as
> "non-repudiation",
> but you do need to be careful how you define it.
>
> So here we are talking about entity authentication (as opposed to data
> authentication,
> the latter really has an unambiguous definition, at least I hope it does!).
>
> The way you should define entity authentication
> is by stating that it is a process of verifying that an entity possesses the
> authentication
> credentials associated to a user that entity claims to be. This entity
> might be the rightful
> user, or it might be someone who stole the credentials from the rightful
> user. If someone
> stole my ATM card and my PIN, he/she can successfully authenticate
> him/herself to an
> ATM and withdraw money. The word "authenticate" is appropriate in this last
> phrase.
>
> But I see that most definitions that have been collected here:
> http://www.garlic.com/~lynn/secgloss.htm#t523
> are not careful about this.
>
> The thing about non-repudiation is that it is something that even most laws
> do not
> permit. See for example:
> http://www.firstmonday.dk/issues/issue5_8/mccullagh/
>
> Non-repudiation applied to digital signatures implies that the definition
> states that
> only one person possibly had possession of the private signing key and was
> conscious
> about the fact that it was used to sign something.
>
> In most jurisdictions a person has the right to repudiate a signature
> (hand-written
> or electronic), and thus non-repudiation does not work. People have the
> right to
> repudiate signatures since it might be the result of a forgery, fraud, the
> signer might have
> been drunk or something at the time of signing or forced to sign (like with
> a gun to his
> head). Repudiation is possible but non-repudiation is not.
>
> I know some people who use the term "accountability" instead of
> "non-repudiation"
> to express the property needed in certain systems (commercial
> infrastructures where
> users login and need to be accountable for their acts). This seems like a
> better term
> to be used in certain contexts, but I'm still thinking about it...
>
> --Anton
>
Next Message by Date:
The pirates of the 21st century (Translation)
This article recently ran in Die Zeit in Germany about Cyber Punks.
I was of course misquoted in the article, see my detraction about what was
wrong:
http://talk.org/archives/000193.html
http://www.zeit.de/2003/50/Cypherpunks (original in German)
http://talk.org/archives/000211.html (This Translation)
CYBERSPACE
The pirates of the 21st century
Fighting against terror, police and secret services are establishing the
surveillance state. But a group of computer geniuses is waging data war on
authorities. A report from the world of encrypted messages.
By Thomas Fischermann (translated by Veronika Leluschko)
The art of power is the art of disappearing. (Paul Virilio)
The computer in the ZEIT office just reported the reception of a town clerk's
e-mail. That man is an important informer for this story. One who has a
certain reputation among the cryptographers, the inventor and user of
electronic hiding and encrypting techniques. But that town clerk's e-mail
cannot simply be opened by clicking on it. It took a couple of minutes until
the computer was accepted in the "Laissez Faire City", an underground
network, hiding deep underneath the surface of the internet, only to be
entered with the right code words.
On first sight, the Laissez Faire City doesn't look different from many other
websites on the internet. One may send e-mails, post messages on a message
board and visit chatrooms. But here, different from the usual internet,
surfers can be assured of their anonymity. Nobody will intercept their
messages. A series of techniques, some 25 years ago only available to secret
services, encrypt electronic messages beyond recognition, let them dash
around the globe as supposedly meaningless data dust, covering over all
traces on their long journey.
The town clerk's message starts with "aANQR1DBw04D/NSEz31qI+8QEADwytY", that's
"Cyphertext". A mathematically encrypted message, only to be read by its
receiver. A few mouse clicks, a password, and finally something readable
appears on the screen. "Thomas, let me think about those questions. I'll get
back to you tomorrow."
Welcome to the mysterious world of Cypherpunks! It was in May 1992, when Eric
Hughes went to see his friend Tim May in Santa Cruz, California - and ended
up staying there for three days, chatting away. That time, Hughes was in his
late 20s and a gifted mathematician from UC Berkeley; May was 10 years older,
a former physicist at the Intel chip company, having "retired" a couple of
years ago thanks to a huge shareholder package. It was obvious that the two
scientists got along together well: they shared a similar taste for Western
gear and cool sunglasses, a fascination for computer techniques and more than
a healthy amount of paranoia. Most of all, they shared political convictions.
Both regarded themselves associated with the libertarians, the supporters of
an ultraliberal ideology, quite widely spread among the white American middle
class. Libertarian Americans are facing the state in a particularly sceptical
way, which concerns police as well as tax-collectors. Many of them would like
to completely abolish states including their taxes and authorities and leave
the power to the free market. That was the vigorous subject the two friends
were discussing during their talk marathon that month of May. It wouldn't be
worth mentioning if the duo hadn't been convinced of holding the key to their
political dreams in their own hands.
In fall 1992, May and Hughes created a loose association of like-minded
people which led to one of the most unusual - and most obscure political
movements of all times. They called themselves Cypherpunks, based on a
science fiction style that had become popular around the end of the 19th
century. They were a conglomeration of highly decorated scientists and
dreamers, computer geniuses and political activists, lawyers and also
criminals. They wanted to be rebels in cyberspace, those guys in sneakers and
T-Shirts wanted to change the world, using their laptops as weapons. They
would gather for fortuitous "physical meetings", their Cypherpunk mailing list
would rise to one of the hottest internet debating places with almost 2000
subscribers. They wanted to be the technical elite, creating the
infrastructure for a utopian, lawless cyberspace. And today, just 10 years
later and after the terror attacks of 9/11, some of them see their hour come:
as the last bastion against a society of surveillance.
In the early 90s, the internet economy as we know it today, was still in its
infancy. But among the technicians' avantgarde Hughes and May frequented,
visions of a digital future had already quite progressed: People on the
American west coast were already discussing how electronic mail would replace
all paper mailings in and between companies, that all money and shares
transfers should be moved from classical banking to cyberspace, that products
such as music, movies and news should, one day, only be delivered via data
processing. More and more parts of our work and spare time would happen in
front of a screen.
That time, a handful of books and essays appeared, like "The sovereign
individual", describing someone who organizes his life and business in
cyberspace, allowing no state to govern him. An organization called Laissez
Faire City opened a provisional office in Costa Rica, wanting to offer some
sort of virtual citizenship. Political terms like cyberanarchy and virtual
regions managed to make their way into seminars of political sciences and law
schools. Wasn't it a children's game to smuggle all those data, messages and
products past governmental eavesdroppers and controllers, past all those
police, tax-collectors and customs officials? Would such an unregulated,
lawless cyberspace be able to force the hated states to their knees?
One might have thought about such ideologies what he wanted. Tim May once
openly declared that cryptography would also be advantageous for murderers
and terrorists, for racists, kidnappers and hijackers. That would be the
inevitable and necessary evil side of the new freedom, he said. "Cypherpunks
break the laws they don't like", the founders autocratically wrote in one of
their pamphlets. But, one way or the other, it seemed to be technically
feasible to the experts and even unavoidable.
In the 70s and 80s, methods for extreme data encryption had already slipped
out of the hands of the secret services. Powerless, military and police could
only watch how programmes like Pretty Good Privacy (PGP) were spread all over
the world in the 90s, unable to be hacked with acceptable effort and expense
- not even with the help of the secret services' own supercomputers.
"Cypherpunks will write programs", so Eric Hughes' battle cry which he wrote
in a manifesto of the newly founded group. They would establish secret
electronic mailboxes, found electronic banks and deal with electronic money,
simply create a network of highly encrypted communication. "The change will
not arise in a political but in a technical way" co-founder Tim May added.
"Governments in the industrial world, you tired giants made of flesh and
steel". This is how, a couple of years later, John Perry Barlow began his
Declaration of Independence in Cyberspace. The rancher, former Grateful Dead
songwriter and passionate fighter for civil rights had become an icon of the
movement. "Where we gather, you have no sovereignty anymore."
Lima, May 2003. Caryn Mladen had prepared her trip to Peru perfectly. Her
luggage looked quite unusual for a Canadian tourist, though: laptops,
adapters, computer software. A list with names of groups of the civil rights
movement that have gotten in trouble with police or political opponents.
"Peru has a history as a particularly well organized surveillance state",
says the 38-year-old lawyer from Toronto, telling about her 2.5 week long
undercover trip. "Although it's now a democratic country, many old forces are
still working. Nobody knows if the old surveillance systems are still in use
and who uses them."
Ms Caryn is a computer expert with extensive knowledge of data protection.
She has written books about computers and is the author of a news column. She
has hitch-hiked through Africa and travelled Syria during the first Gulf War
("I felt safer there than in New York City") and studied massage techniques
from the Far East.
Recently, she says, "I just needed something new, a new challenge. Then, in
December 2001, it just happened." They were five like-minded people, all of
them fascinated by data protection and encryption techniques. Three lawyers,
a medical doctor and a computer specialist with contacts to the Cypherpunk
scene. They called themselves Privaterra and wanted to do foreign
(development-) aid in an unusual way. They would provide civil rights
fighters in developing countries with modern instruments of encryption
techniques - the weapons of the Crypto movement.
Meanwhile the group has been to several countries in South- and Central
America, like-minded people in various African countries. "The needs are
often very different," says the activist, "many groups have such little
technical knowledge, they first of all need things like a virus protection
program." Computers, e-mail and the internet have, for a long time, become an
indispensable tool for human rights fighters all over the world - an
indispensable tool in the search for political prisoners and for coordinating
campaigns. The disadvantage is, though, that these organizations' computers
now host the addresses of activists, confidential mail and other body of
evidence.
Ms Caryn and her friends have taught dozens of civil rights fighters how to
encrypt such data, how to hide them on the hard disk or stock them in a safe
place in the far cyberspace - just in case that a computer gets confiscated
by the police or disappears in a "burglary". They taught civil rights
fighters how to protect themselves from being attacked by hostile hackers who
often also work for secret services. They taught them how to encrypt messages
and how to find their way into secret communication networks, cleverly
installed underneath the surface of the internet by crypto activists, instead
of sending a regular e-mail that can be read by everybody like a postcard.
"Who are the opponents we're fighting against?" A question Ms Caryn has asked
frequently. She didn't always get an answer. Sometimes it's governments,
sometimes former governments' loyal members who continue working underground.
Privaterra is helped by Amnesty International, Human Rights Watch and other
human rights movements when choosing their "clients" to make sure that the
instruments aren't handed over to the wrong people.
About ten years after the Cypherpunks' foundation meeting some of their
political dreams have come closer to reality than ever before. Data
encryption that no curious state official can hack anymore, in Peru or at the
American snooping service NSA? Many such techniques are today available for
everybody on the internet. Software forges like Martus Software or
Hacktivismo have even written custom-made programs on the internet for
political activists and civil rights movements. Nonetheless Caryn and her
traveling data rebels had to make a painful recognition: The technology might
work, but a much bigger problem is the application. "Those people are no
computer experts, and we can't make them computer experts" says Caryn. "But
these groups cannot risk to make mistakes - their communication has to be
100% bugproof."
"Most of the people we work with have extremely good reasons for privacy" she
says. Death threats, unannounced raids in dawn, unexplained burglaries in the
organizations' offices. A Privaterra "client", "somewhere in Central
America", was later found murdered. Only a couple of weeks ago, the
Vietnamese activist Pham Hong Son was sentenced to 13 years in jail for
"espionage" because he had exchanged e-mails with international democracy
groups. "This is not an amusing adventure, most of all we have to be careful
not to harm anybody", says one of Caryn's co-workers. A couple of years ago,
when China built a wall around the entire Chinese internet and had police
control all internet cafés in Peking, a team of Cypherpunks immediately wrote
a program to break through the virtual wall. But after a short time of
enthusiasm they withdrew it, because the use of the program left suspicious
traces on the internet - which represented an even bigger source of trouble.
Las Vegas, August 2003. Once a year the walls of the Alexis Park Congress
Center are covered with black cloth. Bouncers guard the doors, the police
sends out special forces and allegedly even international secret services
reconnoitre the terrain. A motley crowd of hackers invades the Nevada desert:
it's DefCon, the biggest convention for all those who know about penetrating
others' computer systems. Hordes of computer geeks populate the congress
halls and the deck chairs around the swimming pool, pale guys in T-Shirts and
enormous sandals, trendy hipsters with fantasy haircuts. Many of the guests
still have quite pimpled faces. Computer kids.
The speaker entering the stage is in his late 30s. Wearing a suit and T-Shirt
and a gray floppy hat he may not quite fit into the surrounding. Also his
public is older and more serious looking than the huge amount of computer
kids. In the middle row a few FBI agents have mingled with the public,
expectantly folding their arms. No surprise considering the title of his
speech: Punish the collaborators! is Bill Scannell's subject. He is a veteran
on these meetings: a confessed Cypherpunk, although not very knowledgeable in
technology. The power-speaker and chainsmoker Scannell has become famous as
the mouthpiece of a bunch of cryptography companies - for example The Bunker,
the company who bought an entire nuclear blast-proof bunker in the West of
England and, since then, extols it as a particularly safe data storage place.
Today he is playing his preferred role: the self-declared civil rights
fighter and troublemaker. "We must prevent George Bush and John Ashcroft from
making the US a society of observation and surveillance" says Scannell. He
quickly talks himself into a fury and receives mixed reactions - defiant
applauding, a few outraged listeners are leaving the conference hall. "We
must make life hell for those who want to take away the freedom of our
constitution from us!"
Maybe it's due to Bill Scannell's personal history that he is so concerned
about privacy and data protection. Scannell has worked as a spy in
East-Berlin, then as a journalist in countries formerly belonging to the
Eastern bloc. He claims having experienced "how things are going in
totalitarian countries. I was always proud of the freedom an American enjoys
in America."
When, in February, the American airline Delta offered to test an extensive
passenger surveillance system of the American government "I blew a fuse",
says Scannell. A few days later he started a protest-website, requesting
boycott and attacking personally the Delta chief manager; he toured American
talk shows and attended the Delta general meeting. The company ended up
withdrawing its original plan. At the moment he is working on a similar
website against the flight booking system Galileo. "These things don't help
at all to fight terrorism" Scannell says. "They are an instrument of
prosecutors for all kind of goals."
Scannell claims it a "fundamental right" to travel through the country without
being detected. This has become more difficult since the terror attacks, but,
when he has enough extra-time for his check-in, he quarrels with the security
staff; he gets a kick out of buying a bus- or railway ticket under a false
name ("Joe Cypherpunk"). "Recently I was at the airport, talking to my sister
on the phone, about politics, and I spoke out clearly some personal points of
view" he says. "Then I noticed everybody was staring at me as if I were a
terrorist. That moment I realized that, in this country, we are beginning to
be afraid to speak out freely what we think."
The early Cypherpunks considered it a law of nature that the internet era will
simply deprive the authorities of power, that, one day, they will just
capitulate and be quiet. But two years after 9/11 the "tired giants of flesh
and steel" are regaining their strength. Only a few weeks after the terror
attacks Bush arranged for new laws. He even established an "Administration
for Cyberspace Security". Rumors could be heard that encryption techniques
deriving from hacker and cypherpunk forges had helped bin Laden's kamikaze
pilots plan their attacks, that people like the Cypherpunks were even
partially responsible for 9/11.
It is, of course, an old contentious issue in the debate about data
protection if encryption techniques are in fact a civil right or only a
support for terrorists, rascals and drug dealers, if they are a modern
equivalent for a sealed envelope or a "product equivalent to weapons", as the
US government decided at times. Is there a perfect balance between freedom
and security? The core around Tim May and Phil Zimmermann, the inventor of
the encryption program PGP, stuck to it after 9/11: protection for criminals
and terrorists is a necessary price to pay. Nobody could stop the movement
anyway. And weren't there enough legitimate applications for the new
technology? Protection for "cypher dissidents" in China or Burma - and even
in America, where, for example, some groups are planning to publish the names
of "missing people" in Guantánamo Bay, fearing political repercussions, who
knows whether they are right or wrong? "If cryptography is prohibited, then
only the criminals have cryptography" Phil Zimmermann occasionally declared
succinctly.
After 9/11 and the following hunt for more security, such remarks hardly found
sympathizers. Many law keepers and security services sensed their chance to
create facts. Step by step the rights of police and secret services to tap
phone calls are extended, authorities connect their data banks, more and more
they are given the right to access data banks of private companies - in
America, in Europe and in other parts of the world. "Few people have
understood that a surveillance like in Orwell's Big Brother isn't reduced to
the world of books and movies anymore" says Barry Steinhart, the data
protection expert of the civil rights movement Civil Liberties Union.
However, it was not the first shock of 9/11 burying the Cypherpunk founders'
mantra of the "inevitability" of unlimited privacy. It was the technical
development itself. The explosive spreading of computer technology and
internet in the industrial countries was followed by an explosion of spying
programs, an explosion of surveillance cameras in streets and on airports,
biometrical recognition techniques and loads more of other technologies. More
and higher performing computer systems apparently became the snoopers'
advantage.
Never before companies, national authorities and obstinate internet
researchers could find out so much about anyone - thanks to the internet that
once should bring unlimited freedom, as Cypherpunks had been dreaming. "You
have zero privacy anyway", Scott McNealy, head of the Californian computer
company Sun Microsystems said a couple of years ago. "Deal with it."
New York City, October 2003. The head waiter lifted his eyebrows for a second
as Jo, John and Sean entered his noble seafood restaurant in sneakers and
casual outfit. The three people in their mid-thirties and with gawky
Westcoast attitude look a bit different from the serious business people who
usually have lunch here. But how can the waiter know that he is confronted
with three future government leaders?
"Has the dream of an anonymous, stateless Cyberspace burst?" That's the
question Sean asks. Leaning back, he repeats the sentence, then takes a
moment of reflection. Sean is clearly the man for the big answers, he's the
leader of the group. A stocky young guy with a fat, round face. "It's all
there, burglar-proof mathematical proceedings, anonymous e-mail-programs,
anonymous websurfing, even anonymous exchange platforms. But one of the big
problems is: Nobody uses these things! They are only reserved for a small
elite."
When Sean Hastings speaks about a small elite one thing is clear: he himself
and his friends count among them. Hastings is a Cypherpunk. None of the sworn
founding members, but a gifted young computer programmer with a rebel's
heart, who would just love to scare the hell out of the nation-states. "But,
don't write that I'm a Cypherpunk" he corrects immediately. "I don't like to
be put in a drawer. Just write that I sympathize pretty much with the
Cypherpunks' philosophy."
Hastings has reached cult status. In the late 90s he found an old book called
How to start your own country. A couple of months later he bought a number of
computer servers and installed them on a rusty air defense station from WWII,
a few miles from the East coast of England (in the middle of the North Sea),
opening the "first public data paradise in the world". Hastings claimed that
these computers were not controlled by anybody. In 1967, the retired officer
Paddy Roy Bates "conquered" and declared independent the deserted military
station. Bates once expelled the Royal Navy with well-aimed shots across the
bow. (here is a pun which cannot be translated. T.F. writes "Schüsse vor den
Bug", which literally means "shots against the bow", but mainly "to severely
offend someone".)
Since then, Bates considers himself "Prince of Sealand" and, for a couple of
years, Hastings was his official national entrepreneur. Hastings, his wife Jo
and a handful of seamen hackers squeezed themselves into windowless cabins,
and they all were very discreet. The Prince kept his paws off the computers
and Hastings told nobody who used his servers to stock data base and
websites.
After all, Sealand was supposed to guarantee absolute data inviolability for
the first time in history.
"Throughout many discussions we had agreed that an anonymous cyberspace needs
a certain amount of physical safety," says Hastings. It may be more and more
difficult to hack encrypted messages, electronic "magic hats" may become more
and more efficient. But somewhere in the world, on some computer, all these
secret data must be stored and be fed into the internet. Somewhere out there
the world's mystery-mongers are sitting in front of their computers, knowing
how to get to see their messages in plain text - discreet and secluded
entrepreneurs from Kiev, tax evaders from the USA, secret online gamblers
from Brussels, unfaithful guys from Vienna, dealers of illegal nude pictures
from Bogotá and drug dealers from Lucerne. And everywhere unpleasant states
can cut off lines, confiscate hard disks or sentence their owners to hand out
keys. When a couple of years ago, during the Internet security fair RSA, a
young blasé programmer was listing all the "ultrasafe" protection programs of
his computer, one of the police representatives blew his top: "So what if I
kick down your door and hold a gun to your head? Are your data still safe
then?"
Even Sealand, says Hastings, couldn't have made the Cypherpunks' dreams safe
and secure. "It only really works when we have computers all over the world
and distribute encrypted data in little bits on all those systems." That's
why he is already planning a new data paradise: a gigantic swimming island in
the international waters near Gibraltar. "Maybe we establish a completely new
form of life down there" he dreams. He has created a website about "Life on
the sea". Details about the business plans are not yet available, but
Hastings says he has already hired engineers and found financing sources. The
young nation would also have "arms for self-defense" on board.
"Water-to-air-rockets" she will employ, says his wife Jo and laughs. A joke?
That's not really clear.
"By the way, I'm not gonna move there" Jo adds, and Sean nods with a sour
grin. Obviously this is not the first time the subject is discussed
controversially at the Hastings'. "She'll probably come to visit," Sean says.
Back in the Sealand cabins, the stateless guys had to shower with caught rain
water for months, for security reasons they never could sleep on deck and the
steady buzzing of the diesel generators made sleep almost impossible. "After
Sealand I've got all I ever needed concerning life on weird marine
constructions" says Jo.
How about crypto rebels who donât live on far-away islands or rusty platforms
in the ocean? What do they do? Several of his colleagues say that Tim May has
withdrawn from public and now lives as a bearded hermit, owning an impressive
arsenal of weapons - a statement May neither denies nor confirms. A
well-known crypto-pioneer from the American East coast is said to do
additional work for the Mafia, providing them with programs for highly
encrypted and unforgeable betting systems. The Cypherpunk founding member Jim
Bell from Vancouver even became the first official "crypto criminal" in 2001:
A judge decided that Bell's confused essay with the title "Assassination
Politics" was tantamount to a call for attacks. Bell had developed an
encrypted betting system with digital currency and guaranteed anonymity.
Participants could guess the decease of certain tax officers in the Vancouver
area; the one who came closest to the actual time of death won the jackpot.
"Many (Cypherpunks) aren't even connected anymore to the libertarian
ideology", says an insider. "The only thing they have in common seems to be
the conviction that data protection is a good thing." Numerous Cypherpunks
don't even call themselves Cypherpunks anymore, also for the weird
self-portrayal of some of the founders. Some of the rebels even seem rather
bourgeois today.
There are a couple of companies offering programs and systems for anonymous
websurfing and e-mailing, safe from being spied by authorities and employers
and protected against the maniac data collecting as it is done by advertising
companies. Those systems are developed with the crypto rebels' technologies
and sometimes operated by confessed Cypherpunks. They have names like Zero
Knowledge, Hushmail, Anonymizer or ZipLip. A New Yorker company called
iPrivacy even wanted to anonymize the trade of goods on the internet; the
clients could have done their shopping on the internet without delivering
their identity, with iPrivacy organizing the transactions and shipment
anonymously. Not even the delivering companies would have known a client's
identity. But meanwhile iPrivacy has gotten bankrupt, many of such companies
are having severe economic difficulties, due to the low demand for their
supplies.
Due to that situation, a number of activists associated with the Cypherpunks
have, during the last years, switched from programming to debating. "Many
Cypherpunks have become missionaries, seeing themselves as educators, their
task being the enlightenment of the public," says a founding member.
Meanwhile there is a huge amount of academic projects, such as the OpenNet
initiative at Harvard, Cambridge and the University of Toronto: they
regularly produce a summary about internet censorship all over the world.
The Electronic Frontier Foundation (EFF), founded in 1990 by a handful of
encryption activists, is today a political think tank and one of the loudest
voices when it comes to debating data protection in the USA. The group also
employs lawyers to help hackers, data protectors and encryption artists - and
forced American secret services to hand over encryption techniques or to take
them off their list of "weapons" banned from export.
For most private users the data protection programs are still too expensive
and too complicated. The company Anonymizer in San Diego asks $30 or more per
year for "anonymous websurfing" -- with the disadvantage that web pages take
longer to load, in many situations a couple of extra clicks are necessary.
Easy to use music exchange programs like Napster and Kazaa have enormous
success, whereas complicated Cypherpunk alternatives like Mojo Nation never
really caught on. Is the data protectors' cause rather a cultural than a
technical task? "Most people still accept the internet the way it is" says
John Perry Barlow, author of the above mentioned "Declaration of Independence
in Cyberspace". "We still don't have the killer application" adds Lee Tien, a
law expert at EFF.
Panama City, October 2003. Sandy Sandfort's office is located in a white
painted apartment building with rows of balconies. Sandy's balcony can easily
be made out from the sidewalk: the one with the gigantic satellite dish in
front of the window. Sandy Sandfort is in sunny Panama City for work, not for
vacation. "Verax Inc." says the sign at his door. Inside the bare room a few
desks, a couch, a number of computers, a buzzing fan. "We're a
post-venture-capital-business", says the director of the company and laughs.
A company that has got no starting capital except for the money Sandy raised
on a private basis. If things go as planned, Sandy Sandfort expects to make
history in his spartan office. A new payment system for online purchases is
supposed to arise in Panama City. A kind of central bank with a new kind of
electronic money, permitting superdiscreet, supersafe payments via internet.
One of the oldest dreams of the Cypherpunk community is planned to become
real - economic freedom on the internet.
Sandy Sandfort is today 57 years old. He has worked as a lawyer in Arizona and
as an English teacher. In Costa Rica he was the star of a soap opera ("I was
the bad guy"). He was also part of the first members of the Cypherpunk
movement. Since last year he lives in Panama, and he had good reasons for
moving there: The payment system he intends to create could never be run
legally in the USA.
New payment systems for the internet - for activists of encryption techniques
this has always been considered the royal discipline. Loads of web pages have
been filled with concepts for a new currency, with the Internet-Dollar and
eGold, with pre-paid internet currency to be bought at kiosks and elaborate
money laundering methods. They were supposed to put an end to the control by
tax offices and other authorities. Numerous elegant schemes for virtual
exchange circles and digital cash have been developed for a long time, many
of them are considered more elegant and better thought-out than Sandy's
Neuclear system. But: they never were of economic success.
Sandy sees his advantage in a different aspect: beside the payment system, his
Verax Inc. includes its own "killer application". Sandy Sandfort also knows
quite well the gambling scene - not the traditional Roulette or Canasta in
casinos, but cyber-gambling on the internet. For many years gambling websites
have been part of the most important income sources in the digital economy,
but they have one problem: in many countries they are illegal.
Many criminal prosecutor offices, among them those in the USA, search their
citizens' credit card billings for suspicious transactions with cyber
casinos. No surprise that many gamblers all over the world are longing for an
alternative.
"We want to become the new payment system on the internet", says Sandy
Sandfort, rocking back and forth on his rickety desk chair as if suddenly he
couldn't wait for things to happen. "A system people don't have trouble with
when purchasing gambling chips, weapons or whatever it may be." Simply
spoken: clients will transfer money to Verax, via bank, postal money order or
even in cash. Verax grants them funds and, from this time on, they can start
gambling in online casinos. In Panama there is no law prohibiting this
procedure. Only Sandfort and his colleagues will know a gambler's real
identity; new crypto-technologies will make sure that the gambler's anonymity
is guaranteed and prevent from fraud.
But what happens if, one day, the American authorities forbid money transfers
to Verax as they forbad transfers to casinos in the past? Sandy laughs.
"That's why we want to make sure as soon as possible that our payment system
is accepted by as many online dealers as possible, also by hotels, travel
agencies, maybe one day even by Amazon.com. Our system will make it
impossible to retrace on what exactly a client spent his money. He always can
deny having spent it on cyber gambling."
Once the payment system is running, Sandfort perhaps wants to licence it for
other providers. His programmer, Pelle, a 33-year-old Dane, has already
developed plenty of ideas on the subject. "Neuclear works like very old
exchange systems, but is operated with high-tech-methods", he says.
"Theoretically, you can create any kind of currency with this system. If you
want to, create a cyber currency, based upon gold as security. Or, even
better, on opium. I would laugh my head off if someone would try that". A
joke. Pelle is already working on a version of his banking program that isn't
placed on only one computer, but distributed on many, many single computers
all over the world. Once that works, which banking laws could be applicable
here after all? Is this the hour of birth of perfect digital financial oases
in cyberspace? Parallel economic areas, where all trade and gambling business
can be hidden for good?
"Well, you know, that's the problem with all Cypherpunks," says Sandy
Sandfort. "They have this vision of totally disappearing in a parallel world.
Most of the time the world doesn't work that way." Sandfort walks over to his
desk and points at the ceiling: "Look, I could sit right here with the best
and most secure software in the world -- and then some spy or the police
could have built a tiny little camera in the lamp, recording everything I
write. Believe me, we will continue making progress, but you'll never be
completely invisible in cyberspace."
 DIE ZEIT 12/04/2003 No.50
--
http://talk.org + Live and direct from Panama
http://neuclear.org + Clear it both ways with NeuClear
Previous Message by Thread:
[p2p-hackers] CfP: Second Workshop on the Economics of Peer-to-Peer Systems
--- begin forwarded text
Date: Thu, 8 Jan 2004 02:34:22 -0500
From: Roger Dingledine <arma@xxxxxxx>
To: p2p-hackers@xxxxxxx, freehaven-dev@xxxxxxxxxxxxx
User-Agent: Mutt/1.2.5.1i
Cc:
Subject: [p2p-hackers] CfP: Second Workshop on the Economics of Peer-to-Peer
Systems
Reply-To: "Peer-to-peer development." <p2p-hackers@xxxxxxx>
List-Id: Peer-to-peer development. <p2p-hackers.zgp.org>
List-Archive: <http://zgp.org/pipermail/p2p-hackers>
List-Post: <mailto:p2p-hackers@xxxxxxx>
List-Help: <mailto:p2p-hackers-request@xxxxxxx?subject=help>
List-Subscribe: <http://zgp.org/mailman/listinfo/p2p-hackers>,
<mailto:p2p-hackers-request@xxxxxxx?subject=subscribe>
Sender: p2p-hackers-bounces@xxxxxxx
[please forward widely -RD]
Second Workshop on Economics of Peer-to-Peer Systems
Harvard University, Cambridge, MA
June 4-5, 2004
http://www.eecs.harvard.edu/p2pecon
From file-sharing to distributed computation, from application layer
overlays to mobile ad hoc networking, the ultimate success of a
peer-to-peer system rests on the twin pillars of scalable and robust
system design and alignment of economic interests among the
participating peers. Following the success of the first workshop, the
Second Workshop on Economics of Peer-to-Peer Systems will again bring
together researchers and practitioners from multiple disciplines to
discuss the economic characteristics of P2P systems, application of
economic theories to P2P system design, and future directions and
challenges in this area. Topics of interest include, but are not
limited to:
- incentives and disincentives for cooperation
- distributed algorithmic mechanism design
- reputation and trust
- reliability, identity, and attack resistance
- network externalities and scale economies
- public goods and club formation
- accounting and settlement mechanisms
- payment and currency systems
- user behavior and system performance
- measurement studies
- leveraging heterogeneity without compromising anonymity
- economic impact to network providers
- interconnection of P2P networks
The program of the workshop will be a combination of invited talks,
paper presentations, and discussion. Workshop attendance will be
limited to ensure a productive environment. Each potential
participant should submit a position paper that expresses a novel or
interesting problem, offers a specific solution, reports on actual
experience, or advances a research agenda. Participants will be invited
based on the originality, technical merit and topical relevance of
their submissions, as well as the likelihood that the ideas expressed
in their submissions will lead to insightful discussions at the
workshop. Accepted papers will be published on the workshop website.
Submission guidelines:
Submissions of position papers are due April 1, 2004, and should not
exceed 5 pages (excluding references and appendices).
Two column papers are acceptable, but the font size
should be no smaller than 10pt. Papers must be submitted electronically,
preferably in PDF format, to <p2pecon@xxxxxxxxxxxxxxxx>.
Important Dates :
Submission due: April 1
Notification of acceptance: April 30
Revised version due: May 22
Workshop: June 4-5
Program Committee:
Matthew Jackson, CalTech (co-chair)
David Parkes, Harvard University (co-chair)
Lawrence Ausubel, University of Maryland
Sandeep Baliga, Northwestern University
Estelle Cantillon, Harvard University
John Chuang, UC Berkeley
Costas Courcoubetis, Athens University of Economics and Business
Peter Cramton, University of Maryland
Roger Dingledine, The Free Haven Project
John Douceur, Microsoft Research
Eric Friedman, Cornell University
Ramayya Krishnan, CMU
John Ledyard, CalTech
Paul Milgrom, Stanford University
Brian Noble, University of Michigan
Mema Roussopoulos, Harvard University
Emin Gun Sirer, Cornell University
Rann Smorodinsky, Technion
Ion Stoica, UC Berkeley
Rakesh Vohra, Northwestern University
Dan Wallach, Rice University
William Walsh, IBM Research
Michael Wellman, University of Michigan
Simon Wilkie, CalTech
_______________________________________________
p2p-hackers mailing list
p2p-hackers@xxxxxxx
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah@xxxxxxxx>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Next Message by Thread:
Re: Verisign CRL single point of failure
Can someone explain to me why the expiring of a certificate causes new
massive CRL queries?
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html