
Re: Building crypto archives worldwide to foil US-built Berlin Walls

This brings to mind again a method of distribution that I've thought about for
some time and has probably been discussed on this list before.  In this
distribution method, as long as there is the opportunity to cooperate ahead
of time and out of band, there is the potential for retaining the ability
to provide access to any binary data that would be subject to unwanted control.

The scheme is just a variation of secret sharing and all that is necessary
is for several different entities to replicate portions of the desired
software, which portions in and of themselves cannot be subject to any

For (a trivial) example take the image of PGP zipped up for download.
Three different sites create a unique portion of that image for themselves,
for example, each site takes every third byte, and throw in some additional
obfuscation by each site XORing their portion of the image by some
additional data available at a fourth site such as a collection of
cypherpunk list text.

It then is trivial to reconstruct the desired image from the independent
sources, while none of the sources themselves can be subject to controls
without having to go down the rat hole of having to define what really
constitutes the restricted material -- either in all possible forms, or in
terms of all possible transforms applicable to the partitioned source
material.  Otherwise it could be argued that there is a function that
takes the image of an ASCII representation of Herman Melville's Moby Dick
into the image of PGP.ZIP and therefore Moby Dick is an export controlled
item.  Or is the transform the export-controlled item?  Or what?


At 09:38 PM 12/7/98 -0500, Robert Hettinga wrote:
>--- begin forwarded text
>X-Authentication-Warning: toad.com: Host localhost [] didn't use
>HELO protocol
>To: [email protected], [email protected]
>Subject: Building crypto archives worldwide to foil US-built Berlin Walls
>Date: Mon, 07 Dec 1998 15:23:54 -0800
>From: John Gilmore <[email protected]>
>Sender: [email protected]
>
>The US Wassenaar initiative is an attempt to deny the public not only
>all future strong crypto developments, but all existing ones.  As
>today's message from Denmark makes clear, the freedom-hating
>bureaucrats are threatening to prosecute a citizen merely for
>publishing PGP on his web page.
>
>Let's at least ensure that they don't eliminate *today's* strong
>crypto, by replicating crypto archives behind each Berlin Wall they
>threaten to erect.  Today we depend on a small number of archives (in
>a small number of countries) containing source and binaries for PGP,
>SSH, Kerberos, cryptoMozilla, IPSEC, and many other useful crypto
>tools that we use daily.
>
>Let's replicate these archives in many countries.  I call for
>volunteers in each country, at each university or crypto-aware
>organization, to download crypto tools while they can still be
>exported from where they are, and then to offer them for export from
>your own site and your own country as long as it's legal.  (The
>Wassenaar agreement is not a law; each country has merely agreed to
>try to change its own laws, but that process has not yet started.)
>
>And if at some future moment your own government makes it illegal for
>you to publish these tools, after all your appeals are denied, all the
>pro-bono court cases rejected, and all the newspaper coverage you can
>get has been printed, then restrict your web site so that only your
>own citizens can get the tools.  That'll still be better than the
>citizens of your country having NO access to the tools of privacy!
>
>(I suggest putting these tools on a Web site on a machine that you
>own, rather than on a web site where you buy space from someone else.
>That way there'll be nobody for the freedom-squashers to threaten
>except you.)
>
>I'm sure that John Young's excellent http://jya.com site will be happy
>to provide an index of crypto archives around the world, if people
>will send him notices at [email protected] as your sites come up.
>(Each archive should locally mirror this list, so that we won't depend
>on a single site.)
>
>Rather than having their desired effect of squelching crypto
>distribution, perhaps their overbold move can inspire us to increase
>strong crypto distribution tenfold, by making it clear to the public
>that if you don't keep a copy on your own hard drive, the governments
>of the world will be merciless in scheming to deny you access to it.
>
>And if crypto developers have to publish on books, or rely on
>smugglers to get crypto from country to country, then at least each
>country will have its distribution arrangements already ready for when
>the book is scanned or the smuggler arrives.
>	John Gilmore
>--- end forwarded text
>Robert A. Hettinga <mailto: [email protected]>
>Philodox Financial Technology Evangelism <http://www.philodox.com/>
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
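
The split-and-XOR scheme described in the reply at the top of this message, as an added example that is not part of the original thread: each of three sites keeps every third byte of the image, XORed with data from a fourth source, and the image is rebuilt by unmasking and re-interleaving. The function names, the sample bytes, and the choice to use one shared pad (repeated when shorter than a stripe) are assumptions.

```python
from itertools import cycle

N_SITES = 3  # the post's example uses three sites


def xor_with_pad(data: bytes, pad: bytes) -> bytes:
    """XOR data with pad; the pad repeats if it is shorter (assumption)."""
    if not pad:
        raise ValueError("pad must not be empty")
    return bytes(b ^ p for b, p in zip(data, cycle(pad)))


def split(image: bytes, pad: bytes, n: int = N_SITES) -> list[bytes]:
    """Site i keeps bytes i, i+n, i+2n, ... of the image, XORed with the pad."""
    return [xor_with_pad(image[i::n], pad) for i in range(n)]


def reconstruct(shares: list[bytes], pad: bytes) -> bytes:
    """Unmask every share and interleave the stripes back into one image."""
    n = len(shares)
    stripes = [xor_with_pad(s, pad) for s in shares]
    out = bytearray(sum(len(s) for s in stripes))
    for i, stripe in enumerate(stripes):
        out[i::n] = stripe  # stripe i fills positions i, i+n, i+2n, ...
    return bytes(out)


# Constructed sample data: a stand-in for the zipped image and for the
# text held at the fourth site. Neither comes from the original post.
IMAGE = b"PK\x03\x04 constructed stand-in for a zipped archive image"
PAD = b"constructed stand-in for the text held at the fourth site"

if __name__ == "__main__":
    shares = split(IMAGE, PAD)
    for i, share in enumerate(shares):
        print(f"site {i}: {len(share)} bytes, starts {share[:8].hex()}")
    print("round trip ok:", reconstruct(shares, PAD) == IMAGE)
```

Holding one share and the pad yields only that site's stripe (every third byte of the image); all three shares plus the pad are needed to rebuild the whole image.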