[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Why Digital Cash...
- To: [email protected]
- Subject: Re: Why Digital Cash...
- From: [email protected]
- Date: Tue, 10 May 1994 17:47:17 -0700
- Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address. Please report problem mail to <[email protected]>.
- Sender: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Well I'm bummed, my earlier post on this seems to have been totally
ignored. I will shorten it.
Tim May asks some interesting questions about the pace of crypto
deployment, and asks about "compensating" people for their work.
OBSTACLES
I think there are two main reasons for slow deployment:
1. Lack of resources
To really do it right, you must own a net connected machine.
- digital bank: speed, convenience
- data havens: speed, convenience, access to huge storage
- anonymous remailers: need to be able to control sendmail logging,
need to be able to hack config files for best results, etc.
Owning the machine this stuff runs on (no other users) is necessary
for key security. For guarding against what Tim calls "Mom and Pop"
type remailers (ones that may vanish at anytime when a student
graduates, moves, etc.)
2. Legal issues
In my mind, the biggest hurdle.
- patents: these may really suck but the fact is they are legal
until a court overturns them, or they expire ;)
- exposure: the operator assumes a certain (almost unpredictable)
risk. For example:
* suppose I run a data haven and people use it for moving pirated
software.
* suppose somebody uses an anonymous remailer to threaten another
Call me nuts, but the fact that many remailers run on systems that
do log mail is "protection" for the remailer operator. A balance
needs to be struck between offering anonymous mail and logging;
unfortunately I think in the current climate the balance lies
closer to logging to avoid problems.
Don't get me wrong, I'm in favor of this technology (I've run
remailers, etc.). But the "infrastructure" to deal with some events
isn't here.
(Say somebody gets threatening anonymous mail. In a world rich with
crypto tools, this person would be using positive reputation filters,
ignoring mail not digitally signed, maybe even be posting to usenet or
participating in an email list "anonymously" themselves with return
address blocks, etc. In this case, their identity could be kept
completely private.)
INCENTIVES
What are the incentives for running these services? None as far as I
can tell, other than the satisfaction of doing it. I'm not sure the
market is ready for anonymous mail, data havens, etc. So it falls to
interested hobbyists to experiment with.
Johan Helsingus (Julf of anon.penet.fi) spends hours a day maintaining
his site, responding to complaints, etc. He provides a valuable
service, which obviously is very popular... all the same, I'll bet
when he asked for a donation of $5 per account to help defray costs,
he got almost no response.
> Later protocols have not fared as well. Why this is so is of great
> importance.
I'm very interested in hearing your theories about this, Tim. Post!
I too wish things were different.
We are in a "ease of use" phase. Most people on this list don't even
pgp sign their messages, largely because it isn't convenient. It
isn't surprising later protocols aren't faring well.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLdAqdIOA7OpLWtYzAQFrzgP+Mtrvyq+aG0pIX57t/bJ+L1dsbO+tnf3O
orcr8ZytlNWFfaoxDVf33780FCRFHsP06xOmXRiGM14bWrIVKbq+D9y4pvx8Qh/6
4YEND80DWooALAK8Meo4gKJgc5EPXcsGgW9/JvfjP46VG2kq7vcAQoKGH9HZe4c7
W+0I3cpteQg=
=sLe4
-----END PGP SIGNATURE-----