[3758] in cryptography@c2.net mail archive
Re: Building crypto archives worldwide to foil US-built Berlin Walls
daemon@ATHENA.MIT.EDU (Dan Geer)
Wed Dec 9 01:16:33 1998
To: John Young <jya@pipeline.com>
Cc: cryptography@c2.net, John Gilmore <gnu@toad.com>
In-Reply-To: Your message of "Tue, 08 Dec 1998 09:10:35 EST."
<199812081421.JAA23743@camel8.mindspring.com>
Date: Tue, 08 Dec 1998 19:36:23 -0500
From: Dan Geer <geer@world.std.com>

Tradeoff time.
====
Q: Is it better for the providers of crypto resources to alarm/log
accesses to their websites or not?
I'd strongly argue not;
Team Despot will disguise itself and we are surveilled as we speak;
Team Legion loses if it creates targets for harvesting.
====
Q: Is coordinated integrity control (code signing) a Good Thing?
I'd weakly argue not;
The absence of a coordinated signing strategy does not preclude
verification so avoiding common-mode fraud, e.g., long-running
denial of service attacks on the central signing agent, seems
advantageous.
Alternative argument;
Integrity of crypto code can be signed via quorumed split-key
means so that no single actor fraud is effective yet only the
minimum quorum need be online at any given time; this has
the advantage that a completed split-key signature cannot be
attributed to which quorum subset made it yet is verifiable
by ordinary client means once complete. Since intermediate
(partial signing) results do not leak fragment holder identity,
quorum members can indirectly communicate through commonly
held dead-drops.
====
Q: Should requestors routinely avoid surveilled identification?
I'd argue strongly for:
We, Team Legion, must commit to a cell organization with
pseudonymity coverage such as through the "Crowds" system;
to avoid any one of us being guilty we must all be.
====
Getting the problem statement right for this
endeavor is the most important thing we have
left to do. If the above sample is misguided,
say so. To the extent it is incomplete, fix
it. If one of us goes off the air, step into
their place.

It is time for us to walk the fine line between
undue paranoia and a heightened state of awareness.

--dan
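
The quorumed split-key signing described in the message above, as an added example that is not part of the original post: a 2-of-3 threshold Schnorr signature in which any quorum produces a signature that an ordinary single-key verifier accepts and that carries no trace of which members signed. The message names no particular scheme; the toy group parameters, the trusted dealer and every function name here are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def deal(threshold, members):
    """Assumed trusted dealer: Shamir-share a key x; return (public key, shares)."""
    coeffs = [secrets.randbelow(Q - 1) + 1]                  # coeffs[0] is the key x
    coeffs += [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q
              for i in range(1, members + 1)}
    return pow(G, coeffs[0], P), shares

def lagrange_at_zero(i, quorum):
    """Weight that makes member i's share count toward x within this quorum."""
    num = den = 1
    for j in quorum:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def challenge(R, message):
    digest = hashlib.sha256(f"{R}|".encode() + message).digest()
    return int.from_bytes(digest, "big") % Q

def quorum_sign(message, shares, quorum):
    """Simulates both rounds; in practice each member runs only its own part."""
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in quorum}   # private per member
    R = 1
    for i in quorum:                      # round 1: post G^k_i, combine into R
        R = R * pow(G, nonces[i], P) % P
    c = challenge(R, message)
    partials = [(nonces[i] + c * lagrange_at_zero(i, quorum) * shares[i]) % Q
                for i in quorum]          # round 2: post partial signatures
    return R, sum(partials) % Q           # an ordinary Schnorr pair (R, s)

def verify(public_key, message, signature):
    """Plain single-key Schnorr check; it knows nothing about shares or quorums."""
    R, s = signature
    return pow(G, s, P) == R * pow(public_key, challenge(R, message), P) % P

if __name__ == "__main__":
    pk, shares = deal(threshold=2, members=3)
    msg = b"constructed release manifest"
    for quorum in ([1, 2], [2, 3]):
        print(quorum, verify(pk, msg, quorum_sign(msg, shares, quorum)))
```

The round 1 and round 2 values are the only things members exchange, and they are what would pass through a shared drop point in the arrangement the message describes.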