e$: NSA Fluffy FUD?



I just got off the phone with a reporter who was interviewing me for a
comment in the paper on Cybercash's "CyberCoin" mini-money protocol. My
comment was that I hadn't paid much attention to it, because I figured it
was yet another book-entry system, but, since he e-mailed me ahead of
time, I went to look at their FAQ on the web, and, yup, sure enough, it
was yet another book-entry system. :-). For the record, I have no problems
with Cybercash, themselves. If anyone's going to do a book-entry system,
it might as well be Cybercash.

What? What about CyberCoin? Oh. Yeah. CyberCoin. Well, the best way I can
figure, it's a transaction accumulator for either your credit card or
debit card, like First Virtual does for small transactions, only it
settles way much quicker, like less than 90 days. :-). On the privacy
standpoint, it hides transactions from the merchant, which is cool, but
not from the bank, which is not cool. What do you expect from a book-entry
system?  ;-). Cybercash at least makes no claims for anonymity, unlike
other transaction systems who will remain nameless...

Cybercash is at <http://cybercash.com> if you want more details.


Almost as an afterthought, the reporter said that someone at the NSA had
cranked out a for-public report, which he had just gotten a fax of,
decrying the susceptibility of digital bearer certificate issuers in
general, digital cash issuers in particular, to rubber-hose attacks on
their private keys. The "Print off a trillion dollars in digimarks, buddy,
or we'll kill 'Fluffy', your cat, here..." scenario. Maybe we can call it
a Fluffy-the-cat attack...

The first time I heard of this old chestnut, of course, was from the lips
of Nathaniel Borenstein, who was pushing First Virtual rather strenuously
at the time, as a solution to that problem, among others, up to, but not
including, dandruff and world peace.  This was before he invented the
keyboard sniffer, so I was actually listening to him, in those days. :-).

Now it seems the NSA has picked up Nathaniel's fumbled ball and is
running with it for all they're worth.

Of course, the best way to deal with this from a technical standpoint is
not technically, of course, but with a market model: one with lots of
issuers, trustees, protocol designers, software developers, buyers and
sellers, in one great big robust, happy, many-to-many competitive
clusterfuck of digital commerce. Not to mention, of course, expiry dates
on the digital bearer certificates themselves.


Anyway, has anyone *else* seen this apocryphal NSA paper yet? Is it on the
web? I'm sure (he said, volunteering someone else's services unasked yet
again) that someone like John Young would be interested in seeing that
fax...


So, the reporter asks, do I think that Citicorp should get into the
business of issuing digital cash?

Well, I guess not. Not according to the NSA, anyway, especially if John
Reed has a cat named 'Fluffy'.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga ([email protected])
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/