[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Pre-alpha Cpunx-resource FAQ comments sought





Okay folks.  I have worked on this much of the day.  This is a more
formalized outline as well as a somewhat fleshed out version of
section 1 of the FAQ I am attempting to produce.

I submit this to the group for commentary and suggestions as well as
pointers to the relevant info.

This should be enough to give a flavor of what I am trying to do.
Anything in [] needs to be located and/or verified by myself.

I realize that this won't please everyone and some may not care.  So
be it.  

Those who do care, please help me make it less of a FAQ based
on my subjective experience and more of a useful general reference.

Here it is...


-----BEGIN PGP SIGNED MESSAGE-----


                       Cypherpunks Resources FAQ
                           version 0.000000002
                      Compiled, edited & maintained by
                  Scott Harney "Omegaman <[email protected]>"

This document lists resources for readers interested in Cypherpunk
issues and goals.   

The primary intention of this document is to get new readers of the
group to explore the background issues that Cypherpunks attempt to
address.  It also includes pointers to many common cryptographic
implementations and tools.  Furthermore, pointers and instructions for
various newsreaders and email-filters are provided to help users filter
out some of the net's inevitable noise and glean the most useful
information they can from this forum. 

This FAQ does not attempt to explictly define who the Cypherpunks are
or answer questions about the philosophy.  That is an exercise for the
reader who utilizes the pointers within to find the answers on their
own.  After exploring these resources, the hope is that the reader
will become a more effective and insightful contributor to
alt.cypherpunks -- even if he/she is opposed to the goals of the
group.

This FAQ is not intended to be an exhaustive reference.  A quick
perusal of this FAQ should reveal the impossiblity of such a task.
Rather, it is a jumping-off point.  Almost all of the references below
contain voluminous further references.  If your mission-critical
Cypherpunks site is not explicitly included, it is 99% likely to be
referred to by at least one of them.

This FAQ is propagated monthly to alt.cypherpunks.  It can also be
obtained be sending email with the subject and/or body "get cpunks faq"
to [email protected].  As with nearly all net.publications, this document
is in a constant state of contruction.  When information in the FAQ is
updated, I will also post a "what's new" message for those who are
interested in reading additions/corrections without wading throught the
entire FAQ again. 


- -------*********------- Author's Note/Disclaimer ---------*********--------- 

I maintain this FAQ solely on a voluntary basis.  I am doing this
because I think it is necessary.

It would be contrary to the anarchic nature of the Cypherpunks to
attempt to call this an official FAQ of the Cypherpunks group.  Anyone
who disagrees with the editing decisions and pointer selections I have
made in this FAQ is free to.

What this means is that you are encouraged to send comments,
suggestions, corrections, new questions, and answers to me.  I may or
may not include them in future revisions of the FAQ.  I do ask that
somewhere in the subject of your mail redarding this FAQ you include
the text "(CFAQ suggest)", so procmail can file such comments
appropriately and I can address them in a more efficient manner.  If I
use your suggestion or answer to a question, I will attribute the
reference to you unless you request that I do not.

You are free to create your own Cypherpunks-resources FAQ if you don't
like mine.

- - Scott
_______________________________________________________________
 Omegaman <mailto:[email protected]>
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________

- -------*********--------*********---------********--------*********------

Premliminary Outline

Section 1 - Introduction and General Information.  

Q1.1 Does this newsgroup/mailing-list have a charter?
Q1.2 How did the group get started?  
Q1.3 What do Cypherpunks want? 
Q1.4 What happened to the toad.com mailing list?  Are there archives?
Q1.5 Are there other groups besides Cypherpunks who share these goals.
Q1.6 What have the Cypherpunks done to advance their goals other that
     merely talk about them?
Q1.7 I'm interested, what can I do?  
Q1.8 What are all these terms and acronyms anyway? (A Quick n' Dirty 
     Glossary)

Section 2 - Crypto in Action
Q2.1 Pointers galore to PGP resources.
Q2.2 Point to Schneir's site and include biblio info on Applied Crypto
Q2.2 Point to cryptlib toolkits
Q2.3 RSA, of course.
Q2.4 pointers to disk encryption utilities for various platforms
Q2.5 pointers to Raph's remailer site and other remailer info sites.
     remailer software.  software to make remailer usage simpler
     (premail, PIdaho)
Q2.6 pointers to the various digital cash purveyors and to
     explanations of how Chaumian digital cash works.
Q2.7 pointers to Apache-SSL site and info, Stronghold, 
Q2.8 SSH
Q2.9 Pointers to sites describing how various types of crypto actually
     work.  sci.crypt faq
Q3.0 But how do I know if it's good crypto?  Point to snake Oil FAQ?
     Schneir's essay.  Use your brain.

Section 3 - Crypto and the Law
Q3.1 Froomkin's site obviously.. John Young's also obvious.  EFF has a
     good archive too.  Karn case, others.
Q3.2 Pointers to government's current position on crypto. ie. EAR, ITAR
Q3.3 Pointers past Clipper failure info.

Section 4 - Who's who & (recent) History of Crypto.
Q4.1 A couple of good general history sites exist. also Codebreakers
     bibliographical reference.
Q4.2 Enigma is a common question, point to relevant sites.
Q4.3 Whit Diffie--some interviews etc are available
Q4.4 Bruce Schneir same
Q4.5 Phil Z and PGP history and interviews.
Q4.6 Jim Bizdos
Q4.8 Dorothy Denning (got to include the enemy too)
Q4.7 Pointers to news on breaks of ciphers
Q4.8 NSA site.
[Others?  I'm getting sleepy, names escaping me at the moment]

Section 5 - Help! I want to know more but I'm drowning in noise
Q5.1 Point to filtered lists in existence
Q5.2 news2mail gateways as source of list.  mail filtering tools come
     into good use.  point to a bunch of them.
Q5.3 Point to kill-file info for various newsreaders and platforms.
     [Possibly include generic examples from own experience and list 
     user's experience who wish to contribute.  Specific names will 
     be ommitted of course.  Also score information for those 
     interested]
Q5.4 point to information on other utilities and verification-type
     schemes [NoCeM's]

Section 6 - Personal motivations, thank-you's, etc.  

*********----------**********----------**********---------*********----
Section 1.  Introduction and General Information

Q1.1 Do the Cypherpunks have an official charter?

No.  Cypherpunks are anarchic in nature so the notion of an official
charter is directly contrary to such ideals.  

The two statements below are from Original Cypherpunks (OC's) Eric
Hughes and Tim May.  The first was part of the original welcome
message to the mailing list hosted at toad.com.  The second was
suggested by Tim to the original list and commented upon by the
readership.  Both statements are accepted by much of the readership as
good indicators of what Cypherpunks are about.

Eric Hughes' statement:
 "Cypherpunks assume privacy is a good thing and wish there were more
  of it.  Cypherpunks acknowledge that those who want privacy must
  create it for themselves and not expect governments, corporations, or
  other large, faceless organizations to grant them privacy out of
  beneficence.  Cypherpunks know that people have been creating their
  own privacy for centuries with whispers, envelopes, closed doors, and
  couriers.  Cypherpunks do not seek to prevent other people from
  speaking about their experiences or their opinions.

  The most important means to the defense of privacy is encryption. To
  encrypt is to indicate the desire for privacy.  But to encrypt with
  weak cryptography is to indicate not too much desire for privacy.
  Cypherpunks hope that all people desiring privacy will learn how best
  to defend it.

  Cypherpunks are therefore devoted to cryptography.  Cypherpunks wish
  to learn about it, to teach it, to implement it, and to make more of
  it.  Cypherpunks know that cryptographic protocols make social
  structures.  Cypherpunks know how to attack a system and how to
  defend it.  Cypherpunks know just how hard it is to make good
  cryptosystems.

  Cypherpunks love to practice.  They love to play with public key
  cryptography.  They love to play with anonymous and pseudonymous mail
  forwarding and delivery.  They love to play with DC-nets.  They love
  to play with secure communications of all kinds.

  Cypherpunks write code.  They know that someone has to write code to
  defend privacy, and since it's their privacy, they're going to write
  it.  Cypherpunks publish their code so that their fellow Cypherpunks
  may practice and play with it.  Cypherpunks realize that security is
  not built in a day and are patient with incremental progress.

  Cypherpunks don't care if you don't like the software they write. 
  Cypherpunks know that software can't be destroyed.  Cypherpunks know
  that a widely dispersed system can't be shut down.

  Cypherpunks will make the networks safe for privacy."

Tim May's statement:
 "Alt.cypherpunks is for the unmoderated discussion of cryptography
  and the political, social, and economic implications of
  unrestricted, strong cryptography. The Cypherpunks grpup has existed
  since 1992 and has been central in the debate about strong crypto,
  government restrictions, crypto anarchy, and in showing weaknesses
  of various ciphers and security products. The mailing list has had
  as many as 1500 subscribers, plus gateways to newsgroups and Web
  sites. It is expected that 'alt.cypherpunks' will be a free-wheeling
  forum for many viewpoints. As it is unmoderated, readers are
  strongly advised to learn how to use filters and other tools for
  making virtual anarchies manageable for their own tastes."


Q1.2 How did the group get started?

Needless to say, the history of such things is fuzzy at best.  

Eric Hughes and Tim May had some discussions which led to Eric Hughes,
decision to host a meeting.  Concidently, the first meeting occurred the
same week PGP 2.0 was released.  John Gilmore offered his site to host a
mailing list, and thus Cypherpunks were born.  see Q1.2, Q1.4, and Q1.6
for references containing more detail.

also see: [Wired article URL]
           
Q1.3 What do Cypherpunks want?

Such a simple question with no simple, short answer.  Please explore
the following sites.

Tim May's provacative (and large!) Cyphernomicon
 http://www.oberlin.edu/~brchkind/cyphernomicon/

The Berkeley Cypherpunks site is another good starting point.
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/Home.html

Also see: 
http://www.offshore.com.ai/security/ - Vince Cate's
Cryptorebel/Cypherpunk Page 

http://www.eskimo.com/~joelm/ - Joel McNamara's Electronic Privacy
Page

Q1.4 What happened to the toad.com mailing list?  Are there archives?

As with all Cypherpunks issues, there is much controversy surrounding
the dissolution of the original list hosted by John Gilmore's machine
@toad.com.  Some say that noise devoured the list to such a point as to
make it useless, driving away the "good posters".  Others argue that
the failed attempt at moderating the list to eliminate some of that
noise was the final nail in the coffin.

Whatever the reason, Gilmore told the Cypherpunks that it was time to
find a new home.  Running a mailing list with 1500+ subscription base
and the enormous volume that the list had is not a simple task.  The
physical running of the list on a single machine requires enormous
computational resources as well as constant human intervention.

Perhaps the resultant newsgroup and distributed mailing list approach
is more in line with Cypherpunk ideals.  "Cypherpunks know that a
widely dispersed system cannot be shut down."

Archives of the original list are available to some degree at:
http://infinity.nus.sg/cypherpunks/
http://weber.u.washington.edu/~phantom/cpunk/index.html

Users interested in running a "node" of the distributed mailing list
version of this newsgroup are encouraged to subscribe to Igor Chudov's
discussion list on the subject.  Send a message to [email protected]
with the body "subscribe cypherpunks-hosts"

Q1.5 Are there other groups besides Cypherpunks who share these goals?

The following organizations and sites share Cypherpunk goals to a
greater or lesser extent.

The EFF(Electronic Frontier Foundation) http://eff.org
http://eff.org/pub/ITAR_export/HTML/hot.html &
http://www.eff.org/pub/Privacy/hot.html - more specific references &
extensive archival information

EPIC (Electronic Privacy Information Center)
http://epic.org

Voter's Telecommunications Watch
http://www.vtw.org

Center for Democracy and Technology 
http://www.cdt.org

The Cryptography List at C2Net is also a good resource.
send a message to [email protected] with the body "subscribe
Cryptography"

The Coderpunks list at toad.com is a technical discussion forum.
Send a message to [email protected] with the body "subscribe
coderpunks"

Q1.6 What have the Cypherpunks done to advance their goals other that
merely talk about them?

Many Cypherpunks are professionals in the computer security field.
Others work for companies and corporations which create and distribute
products utilizing strong cryptography.

Cypherpunks are also directly responsible for the creation and running
of Type I and Type II(mixmaster) Cypherpunks anonymous remailers
(surprising, eh?).  see Q2.5

Cypherpunks have also produced software to make good crypto easier for
the masses. [Get permission from PGP-front end producers to reference here]

The Linux-IPSEC project is another good example. [see & subscribe ref?].

Mykotronx exposure and dumpster diving excursion. [reference?]

see Q1.4(list-archive sites)

Q1.7 I'm interested, what can I do?  

First of all READ before you post.  Observe simple etiquette.  Don't
clutter the group with "me too" posts and questions which you can
easily find the answer to yourself.  Contribute signal, not noise.

As of this writing, RSA, inc. is hosting a contest to crack the
government standard DES 56 bit algorhythm.  See
[http://www.rsa.com/contest] for full details.

Also see Peter Trei's site for software and info.

Host a portion of the distributed mailing list.  See Q1.5.

Run an anonymous or pseudonymous remailer. see Q1.6 for site references
and software.

Use strong crypto.  Encourage friends to use it as well.  Increase the
amount of encrypted traffic on the net.

Can you code?  There are plenty of projects and opportunites yet to be
explored.  Black Unicorn writes:
 "Where is highly sophisticated stego?
  Where are larger keys for symetric ciphers?
  Where is a fully functional and secure "stealth PGP"?
  Where are anonymous and encrypted WWW clients and hosts which permit
  chaining?

  If the crypto war is going to be lost it will be lost in the chill of
  development when crypto regulation is put into place.

  If you don't make the guns in the first place, the government has a much
  easier time taking them away."


Q1.8 What are all these terms and acronyms anyway?

Here's a quick-n-dirty glossary.

GAK = Government access to keys.  Government euphemisms for GAK include
"key escrow" and "key recovery" (actually important for corporations,
but misused in recent USG proposals)

USG = United States Government

ITAR = International Trade and Arms Regulations.  Regulations export of
arms from the US.  Strong Crypto is regulated as a weapon by this
document. see Q3.2

EAR = Encryption Algorhythm Regulations (a guess, look it up)  Recent
proposals by Clinton Administration.  see Q3.2

TLA = Three Letter Acronym/Agency.  Refers to USG agencies (typically
involved in law enforcement) FBI, CIA, NSA, etc.

NSA = National Security Agency.  This highly secretive agency is
responsible for the protection of USG secrecy via encryption as well as
the spying on other governments by breaking encryption algorhythms.
see Q4.8

DES = US Data Encryption Standard algorhythm. see Q2.9

RSA = a company and a public key algorhythm.  see Q2.9  and Q2.3

net.loon/kook = a purely subjective characterization.

Signal-to-Noise ratio = Signal refers to on-topic posts.  Noise, the
opposite.  A high S/N ratio means the list is putting out a lot of
signal("good posts").  Subjective, but fairly obvious.  See Section 5
for pointers no how to reduce (what you think is) noise

Memes = [get a good definition here]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        [Rest of FAQ goes here :)   This is a pre-alpha FAQ, intended
         only to solicit commentary and suggestions.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAwUBMwJViqb3EfJTqNC9AQHigwP+IAXu+PO7aGiR/zZxz91PhnYuYvTy3jMN
HzO4djcx44auPMjh6pFpmWJuYRcoxVHXCh2JO4UOR3cNYloxikwY4hGgYx8jLgN1
XORQztiCGMI/2ScVsi8tH6eJLCuZxmE7s8semel4CC8xH3H74vCiBNZD6iyyIXOG
oMkSnOVFAQg=
=Fdky
-----END PGP SIGNATURE-----