[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Comments Requested for preso outline
-----BEGIN PGP SIGNED MESSAGE-----
Fellow c*punks,
I plan on creating several informational sessions on net legal issues
here at Miami University. Use of E-mail has risen considerably in just
the last year. Most users of this e-mail have no idea how the words
move from their screen to the screen of the addressee, much less
government attempts to regulate cryptography. I want to create an
overview of no more than an hour (hopefully shorter) that will cover
many of the important issues involved. The meetings will be followed by
PGP distribution and key generation on Mac and MS-DOS platforms.
The following outline is "version 0.1" of what I would like to explain.
Unfortunately, I believe the outline needs to be considerably edited.
The main problems are 1) Keeping interest, and 2) Making concepts of
cryptography understandable for people who are not mathematicians or
programmers.
I would appreciate any input, criticisms, suggestions any of you have.
Mainly, I'm looking for ideas about the best way to teach a basic,
conceptual understanding of public key cryptography and digital
signatures.
I don't expect every person who shows up to start encrypting their
communications. What I aim to do is increase awareness, mainly about
the activities of their government, and to distribute PGP. These will
be people interested in the future of the net as end users, not as code-
writers or hackers. I want to educate them about the policies, being
formed now, that will affect the net for decades.
- -john.
- --------------------------------cut here-------------------------------
1) Basic overview of the net.
o There is, currently, no "Internet Inc."
o The Internet started as a cold war problem: How do you
communicate after a nuclear attack?
Electronic Mail: How do the words go from your screen to
your friend's screen?
o broken up into ASCII packets and sent towards the destination
this ASCII could be intercepted and read by numerous
people
along the way
Why should you be worried about your privacy?
o low cost of information archiving
o low cost of key-word scanners
o ease of implementation, at least along backbones (in our area,
OARnet)
o the backbones are often funded, or operated by government
agencies
o you use envelopes in reality, why not in Cyberspace?
2) How do you keep communications private?: Overview of encryption
o encryption is hiding data in plain site
o plaintext -> key -> ciphertext relationship
o symmetric ciphers
> requires a secure channel for key transmission
> limited to governments, corporations
> ex: DES, used by banks for wire transactions
o public key ciphers
> does not require a secure channel for key transmission
> relationship of public/private keys
> overview of a transmission
> conceptual description of Alice and Bob communicating
(diagrams)
o signing methods
> what is a digital signature?
> what can they be used for?
> verifying the integrity of a message
o What makes an algorithm secure?
> peer-reviewed, public algorithm
> security in vast key-space, not in secret algorithm
o Software you can use
> PGP
> demonstrate key generation, data encoding/decoding
> various other schemes, probably Curve Encrypt (IDEA)
3) Legal Issues
o government regulation
> What is the NSA?
> Export Laws
> Clipper/Skipjack
o What is Clipper?
> government designed hardware encryption for voice and data
> secret algorithm
> government backdoor
> created to allow tapping of communications by drug
dealers, terrorists, etc.
o what does it mean for you?
o why won't it work?
> smart criminals won't use it
> government checks on key use probably inadequate
o what can you do?
> distribution of letter to the president, congress,
representatives
> encourage algorithm distribution
> EFF info
4) Software distribution, Key generation
o Mac and MS-DOS PGP
o Curve Encrypt
-----BEGIN PGP SIGNATURE-----
Version: 2.3
iQBVAgUBLU2L+hD3efpluabZAQHzEwH8DPrdnDfG2zVXAD/MV+21+m6iinT7DN1+
PshKBLAE/UfZCjlplGgZGaHBY+8O9gQ/XsCUp5HDJRLKSxzVvCGKEg==
=53C1
-----END PGP SIGNATURE-----