[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Praise the Lord! / Re: anti-GAK design principles: worked example #1




Jon Callas wrote:
> At 11:45 PM 10/15/97 +0100, Adam Back wrote:
 
> Okay, Adam, I'll be civil here, but here's something I want to note:
> 
> You've ranted, raved, politicized, propagandized, given ad hominem attacks,
> and stated the opinion that anyone who disagrees with you is evil. You've
> sent flames to our internal development lists, which is at least impolite.
> Yet you say, "constructive criticism only." Sure. I'd like an apology from
> you, though. Deal?

  Praise the Lord!
  The CypherPunks mailing list dialogue re: CMR/PGP is CypherPissing at
its finest.

  As a cryptographer, I am pretty much a carpetbagging pretender, but,
up to now, I have managed to fool quite a number of people into thinking
that I may understand the issues involved in privacy, security and
encryption.

  Now that the shit has seriously hit the fan, however, I find that I
am completely clueless as to the true import of the latest developments
which will decide the future of encryption. (And I suspect that I am
not alone in this.)
  I believe that my philosophical viewpoints of encryption issues are
valid in many ways (and probably irrelevant in other ways), but the
current nadir point in encryption development is one in which there is
no possibility of many of us making sound decisions as to what position
we should ethically take, unless those who truly have a solid grounding
in the underlying technology manage to accurately explain the issues
involved to those of us who *don't* dream in algorithms.

  I am extremely pleased with Adam Back's in-your-face, "I'm from
Missouri...show me!" attitude, since I think that this issue is
important enough that no one should give an inch of ground until
their philosophical opponents have given them valid cause for doing
so. I am also pleased that Adam is honestly and openly asking for
those who *can* 'show' him, to do so.
  I am also every bit as interested in hearing and learning from the
position that Jon Callas is taking, based upon his own knowledge of
what CMR/PGP is, and is not.

  I honestly do not care in the least whether Adam and Jon are 'both
right', whether they are both 'half-right', or none of the above.
  What I *do* care about is that they both honestly state their case
to the extent that I have enough information to make my own decision
as to what future course of action I should take on these issues.

  My depth of concern in this matter springs from the following:
I care...and I act. As a result, my actions have effects, for which
I consider myself responsible.
  I truly believe that abortion results in the extinguishing/murder
of a divine spark of human/spiritual life energy. Yet I risked my
life and my freedom, helping my sister smuggle home-abortion 
literature into a predominantly Catholic country behind the Iron
Curtain. Why? Because it is not up to me to make the decisions
for *everyone*, and I do not believe that it is in the interest
of humanity to have *two* spirits die because those who choose
to do home abortions do not have access to information that will
preserve their life.
  The 'Right To Life' faction will publish *their* statistics and
opinions, as will the 'Pro Choice' faction, but I refuse to take
the easy way out and convince myself that I can flip a coin to
decide which faction will bear the responsibility for *my* own
decision in the matter.

  The coming developments in information technology will undoubtably
make George Orwell look like an optomist.
  We have to make our decisions without having the benefit of hindsight
that history affords us. If Hitler had indeed only wanted 'Austria', 
then the concessions that world leaders of the time made might have
proven to have saved many needless deaths. History has proven this to
be wrong, but those of us who did not live through that time would have
a difficult time divining who was 'honestly wrong' and who 'sold out.'

  How many guilty men should go free in order to guarantee that a single
innocent man is not imprisoned?
  My answer: "More than one, less than a million." (ymmv)

> Fair-warning. In my first missive, I talked about my own principles, and
> one of them is the "fair-warning" principle. It states that users should
> know what is going on. If you have a key that is used in this system, there
> is nothing in it that tells me that your company can read a message I send
> you. I see this as a flaw, and one that I consider to be a *very* big deal.
> Full disclosure is one of my hot buttons.

  I could be wrong, *but*:
  With PGP 5.0, I found that if someone sent me a message that
was encrypted to someone else, I would get a message telling me
that I didn't have the proper key, but would not tell me who the
message *was* encrypted to.
  I could drop into PGP 2.6.2 and get a message saying (paraphrased),
"Encrypted to John Doe <[email protected]>, you don't have that key."
(OK, *badly* paraphrased.)

  With PGP 2.6.2, I routinely used a bogus password in my first pass at
decyphering messages, so that I could find out who all the message was
encrypted to. It makes me nervous that one has to 'make a mistake' in
order to get 'the rest of the story', rather than automatically be
informed when a message is also encrypted to others.

  Also, as a 'teaser', I would like to announce to one and all that
the quickly closing saga of 'InfoWar' will include an epilogue
chapter titled, "I Broke PGP," written by myself.
  Believe it or not, I speak the truth, although not in a way that
it direct and obvious.
  If you think I am bullshiting, then stop washing your asshole,
starting today, because if you can show me I am wrong, I will kiss
your ugly, hairy ass.

Love and Kisses,
TruthMangler