Cryptography-Digest Digest #748, Volume #12 Fri, 22 Sep 00 14:13:01 EDT
Contents:
Re: Software patents are evil. ("Paul Pires")
Re: Carnivore article in October CACM _Inside_Risks ([EMAIL PROTECTED])
Re: t (Mok-Kong Shen)
Re: Tying Up Loose Ends - Correction (SCOTT19U.ZIP_GUY)
Re: Tying Up Loose Ends - Correction (SCOTT19U.ZIP_GUY)
Re: IBM analysis secret. (SCOTT19U.ZIP_GUY)
Re: Tying Up Loose Ends - Correction (Mok-Kong Shen)
----------------------------------------------------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Fri, 22 Sep 2000 10:23:07 -0700
Bill Unruh <[EMAIL PROTECTED]> wrote in message
news:8qdu5a$n9b$[EMAIL PROTECTED]...
> In <HXsy5.2330$[EMAIL PROTECTED]> "Paul Pires"
<[EMAIL PROTECTED]> writes:
>
>
> ]Bill Unruh <[EMAIL PROTECTED]> wrote in message
> ]news:8qdf0a$dj3$[EMAIL PROTECTED]...
> ]> In <[EMAIL PROTECTED]> "Trevor L. Jackson, III"
<[EMAIL PROTECTED]>
> ]writes:
> ]> ]> Patents had has almost nothing to do with software until recently. Yet,
> ]> ]> you could not say that software has suffered in the US.
> ]>
> ]> ]Well, given that we have no control against which to test the history of
> ]software in the
> ]> ]US, and given that the software industry is fairly young there does not
seem
> ]to be much
> ]> ]that can be said in a definitive way. Yet, for the purposes of
discussion, I
> ]can take a
> ]> ]Devil's advocate position. Resolved: that the low quality of US software
is
> ]due to the
> ]> ]lack of an effective protection for intellectual property.
> ]>
> ]> Low quality is almost always due to a lack of comptetition, not a lack
> ]> of intellectual property rights. The USSR had immense itelletual and
> ]> other property rights protections-- manufacturers were handed monopolies
> ]> on all kinds of goods. There is no evidence whatsoever that this
> ]> resulted in the manufacturers spending time and effort to make sure that
> ]> their products were the best possible. Just the reverse.
>
> ]Why do you continually insert the monopoly practices of the former USSR into
> ]the discussion? What, it happend there so it could happen here? The issue
isn't
> ]whether state sanction monopolistic practices are good or bad but whether
> ]the particular one under discussion is. Hey, they were bad. Guess what, they
> ]are gone. Move on.
>
> Because it is an example of a country which instituted precisely the
> kind of restrictions on the economic system, for reasons which are very
> similar to the reasons which you give.
"Precicely" and "similar"? I don't think so (Just my opinion). Their reasons are
unimportant, it was their actions that proved to be problematical.
>Of course it is not the same. Of
> course it differs in detail. But your argument is that monopoly leads to
> better products for the consumer. My counterargument is that it does
> not, as has been tested by various countries. One should learn from
> history, not just "move on" or we will repeat all of the same mistakes.
> The USSR did not get where it was on purpose or through evil intent. It
> was trying to set up a much fairer economic system than the predatory,
> wasteful, exploitative capitalist system, a system which would produce
> more and better goods for the consumers without the costs of capitalism.
Why it failed is a matter of opinion and I have one different from yours.
> It failed. Monopolies are not a good idea. Patents are monopolies.
> Thus the question arises as to whether the benefits which accrue to
> society through the conditions set on the monopolies granted by patents
> outweigh the costs that monopolies invariably bring with themselves.
> In the case where those benefits do not clearly and demonstrably (not
> thoeretically) outweigh the costs, monopolies should not be granted, and
> then should be granted for as short a time as possible and still reap
> the clear benefits to society.
>
> In my opinion software patents do not fulfill these criteria. They grant
> monopolies without a clear benefit ( except of course to the
> monopolist).
>
> YOur arguments were all theoretical and of exactly the kind used by the
> Soviets to justify their experiment.
Bad logic. Just because The rational behind A & B are identical, doesn't
mean the processes A & B are identical. Both of our arguments are equally
theoretical. Any claim that you have that history is behind yours is just bad
science.
>
>
> ]> ]First, the low quality is evaluated against what we know could/should be
done
> ]rather
> ]> ]than against what is done in other countries (where IP protection is even
> ]less
> ]> ]effective). Second, the observation that intellectual property is not
> ]effectively
> ]> ]protected is demonstrated by the Lotus 123 suits (vs Visi and vs clones)
and
> ]the
> ]> ]Xerox/Apple vs Microsoft/HP suit. I submit that there was appreciable
> ]intellectual
> ]> ]property at issue, and that the good guys lost.
> ]>
> ]> Well, I sure would not argue that the good guys lost in the Look and
> ]> Feel cases, if that is what you refer to. Those cases were ludicrous.
> ]> Their only purpose was to stifle competition.
> ]>
> ]> ]The central thesis is that lack of effective IP protection lowers the
> ]barriers to entry
> ]> ](generally perceived to be a good thing) and lowers the potential payoff
by
> ]diluting the
> ]> ]market for good software with bad software (generally perceived to be a
bad
> ]thing).
> ]>
> ]> Yes, just like coffee. We should institute laws that only allow say
> ]> starbucks to open coffee shops in any city. Think of how great the
> ]> coffee would be then! Competition does far far more for increasing
> ]> quality than does nay intellectual property protection.
>
> ]Too much prior art for such a grant. The reason it hasn't happend is that the
> ]process you deride will not allow it. You are citeing its hypothetical
> ]non-operation
> ]as an example of its poor operation.
>
> No, I am not claiming this as an example where a patent should be
> granted but an example where one could argue that a monopoly should be
> granted to bring about the kind of benefits you listed as arising from
> monopolies.
You miss an intentional limitation of the process. It was designed NOT to
stop someone from doing something that they have already been doing
in the public domain. This is very important, a patent should not be issued
for this example regardless of the hypothetical benefit you cite to mankind.
>
> The first question one needs to answer is whether monopolies should be
> granted at all. (patents and copyright are both monopoly grants). Then,
> if so, under what conditions should they be granted. My claim is that in
> the first approximation they should not be granted. They have too many
> flaws. Competition is far more effective in delivering the consumer
> goods than is any monopolistic practice.
I have been there, I have a different opinion.
>
> If one believes that they should be granted, under what conditions? I
> believe that the conditions should be very stringent, and that the
> monopoly should be granted only for as short a time as at all possible
> in order to reap the supposed benefits to society (not the monopolist).
Now we are to the meat! This is a topic that this group is well equipped to
Work on. It is very much like a crypto protocol. How do you prevent:
denial of service, man in the middle, replay attacks and other malicious use.
It is far more similar than you would think because it is dealing with
information
where its value is its unknown (as yet) nature. I think the USPTO could profit
alot from employing cryppies to consult on reforms. Unfortunately, they wouldn't
stay on topic very long and would drift of into social engineering.
>
> In software I see no evidence whatsoever of any benefit to society of
> granting such monopolies, and huge costs. People are willing to write
> software, people are willing to write software for free, and of a very
> high standard (see Linux as an example). In the face of that evidence to
> claim that software would only get written if monopolies were granted
> seems to me to fly in the face of all evidence. The software industry
> took off with no patents. patents as a corporate tool in software has
> really only taken ahold in the past few years, and is being used to
> stifle not enhance competition and innovation. As in a criminal court,
> the evidence should be there beyond a reasonable doubt that the monopoly
> is essential befor any such monopoly should be granted.
A trial to grant a patent? If you want to kill it, get out your gun i.e.
A constitutional ammendment against this task as a role of our (US) government
don't offer reasonable compromise to leave it castrated but in place.
>
>
>
> ]>
> ]> ]If effective IP were available it would be worth investing great effort
into
> ]being the
> ]> ]best. Without effective IP protection such effort is wasted because it
can
> ]be cloned
> ]> ]cheaply and the fruits squandered. Some consider this a good thing in
that
> ]it makes
> ]> ]whatever accidentally turns out to be good (more accurately popular)
widely
> ]available
> ]> ]within a short time span.
> ]>
> ]> ]Others consider this to be a bad thing because there is a positive
> ]disincentive toward
> ]> ]quality. It costs time. And the sine qua non of modern software
marketing
> ]is to be
> ]> ]first rather than best.
> ]>
> ]> And you raplidly have to be best as well, or you are out.
> ]>
> ]>
> ]> ]In the short term, we can economically purchase the best that is available
in
> ]the market
> ]> ]because any innovation is rapidly emulated. In the long term the best
that
> ]is available
> ]> ]in the market is far lower that it would be because there is no incentive
> ](differential
> ]> ]advantage) for production of better software. Since short term effects
> ]dissipate and
> ]>
> ]> I disagree completely with this anticompetitive stance. Barriers to
> ]> competition simply enrich the monopolists, and do not lead to
> ]> improvements.
>
> ]The intent of the patent process is to remove barriers to competition and
> ]therefore stimulate innovation. You can rightly cite some examples where the
> ]Process has failed or been abused to do the opposite. So what? No law or
> ]practice
> ]shall be allowed unless it is demonstratably perfect in the presence of a
> ]determined
> ]adversary? Wasn't it the Polish who had a practice that regulations could
only
> ]be
> ]passed by unanimous approval of their senate.
> ]>
> ]> ]long term effects accumulate, at some point past initialization the market
> ]will be
> ]> ]dominated by long term effects, and saturated with bad software.
> ]>
> ]> Just like it is saturated with bad coffee? Wouldn;t it be nice if we
> ]> only had one coffee company, one car company( with no imports allowed),
> ]> one runhing shoe company,... Think of how great all of our products
> ]> would be then!
> ]> The arguements you give were exactly the arguements made by the
> ]> Communists in setting up their economic system. Competition is wasteful.
> ]> Competition means that the manufacturers spend all their time wasting
> ]> time worrying about their competitors rather than worrying about how to
> ]> make the best product for the consumer. Unfortunately that is not the
> ]> way the world works. Competition is the best incentive for improving
> ]> both the range AND quality AND price of products in the vast majority of
> ]> situations. It is not universal, and there are times when limits on
> ]> competition are beneficial. But those need to be thought through very
> ]> carefully, that those anticompetitive practices really do more good than
> ]> harm. The problem is that all industries love anticompetitive laws--
> ]> they no longer have to worry since there is noone to take their market
> ]> away. And those industries will put immense pressure on corrupting the
> ]> governments to grant them anticompetitive laws. Those pressures should
> ]> almost always be resisted. And they should especially be resisted in the
> ]> software industry.
> ]>
> ]> For example, software copyrights should be reduced to say 3 years,
> ]> extendible to 7 is the source is published. Any more than that is just
> ]> silly. And given MS claim that they lost the source code for DOS, giving
> ]> copyright protection where the code is not made public is strongly
> ]> against the public interest. (Note that this would have made the Y2K
> ]> problem a hell of a lot more manageable.)
>
> ]You wish to ammend law on the basis of the antics of bad boy Bill?
> ]I'm sure he is flattered.
> ]>
> ]>
> ]> ]Some observers attribute the low quality of software to its commodity
status,
> ]reasoning
> ]> ]that if the customers cannot tell the difference between high and low
> ]software quality
> ]> ]there will never be any reason to "waste" effort on raising quality
because
> ]it will not
> ]> ]result in more sales. In fact it will result in less revenue based on
> ]upgrades.
> ]>
> ]> Ah, yes, the theory that governments should be there to protect the
> ]> stupid consumer from having to make uninformed choices.
> ]>
> ]>
> ]> ]But this misses the point. Customers _can_ tell the difference. But that
> ]difference is
> ]> ]dominated by cost differences. So a company that prices its software
higher
> ]than the
> ]> ]competition to cover serious development effort will price themselves out
of
> ]the market
> ]> ]composed of competitors who "me too!" the fruits of the development effort
> ]without
> ]> ]paying for it. So customers will always pay less for approximately the
same
> ]quality.
> ]>
> ]> ]Effective IP would restore the balance between quality and cost and reduce
> ]the
> ]> ]domination of the first-to-market mentality.
> ]>
> ]> All the evidence is to the contrary in country after country, century
> ]> after century. Monopoly powers breed contempt of the consumer, not
> ]> heightened regard for his/her well being.
> ]>
> ]> Consumers are perfectly capable of making the choice between price and
> ]> quality on their own without governments and laws to "help" them.
> ]>
> ]> ]Conclusion: I can say that software has suffered in the US if low quality
> ]counts as
> ]> ]suffering.
> ]>
> ]>
> ]> ]Is this off topic? Perhaps not. Crypto is similar to software as an
> ]industry with an
> ]> ]abstract, almost ineffable, product. And crypto -- as an industry -- is
> ]younger than
> ]> ]software. Perhaps crypto can do better.
> ]>
> ]>
> ]> Not if it is going to get mandated by the government.
>
>
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: 22 Sep 2000 13:32:57 -0400
> Douglas A. Gwyn <[EMAIL PROTECTED]> asked
>>Should we require
>> auto manufacturers to plant
>>tracking devices in every car they make so that they can be
>>switched on by law enforcement if the need arises?
Of course not. Who would pay for it? Instead, sell it as an extra feature
(LOJACK! GET THIS AND YOUR CAR CAN BE TRACKED! NOW ON SALE!) and have
insurance companies, recognizing its value when used properly, insist that
its policy holders have it installed (or deny certain coverage or charge
exhorbitant rates).
Heck ... tracking has useful features. Don't INSIST on it (that sounds too
Orwellian) - no, use the power of advertising and you can have the public
clamoring for it.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: t
Date: Fri, 22 Sep 2000 19:56:41 +0200
"John A. Malley" wrote:
>
> Nearly every thread in this group teaches something.
Yes, something fine to do or not fine to do. (One of
the two possiblities always exists.)
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Tying Up Loose Ends - Correction
Date: 22 Sep 2000 17:28:50 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <39CB7FDC.1272796D@t-
online.de>:
>
>
>Tim Tyler wrote:
>>
>> I believe what I wrote was correct.
>
>O.k. I take back what I said. But would you please
>explain a bit why the keyspace is reduced by 32 through
>the 5 0-bits in the input to encryption? I don't know
>how to get that exactly. Thanks.
>
>M. K. Shen
I am surprised you took back anything it must be a trick.
But the answer above is obvious. when he said 32 he was referring
to a afactor of 32 which for 5 bits is 32 = 2*2*2*2*2 in short
two to the the power 5. But you must known that just as you must
know that haveing an EOF symbol in a compresson of huffman or
arithmetic type before the file is encrypted is a mistake.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Tying Up Loose Ends - Correction
Date: 22 Sep 2000 17:37:21 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <39CB7FD8.3B12AC68@t-
online.de>:
>
>
>"SCOTT19U.ZIP_GUY" wrote:
>>
>> No I was also in this and other threads criticizing the
>> use of an EOF symbol in any huffman or arithmetic type of
>> compression as nothing more than a means to make the following
>> encryption weaher. Becasue it makes the effective key space
>> smaller.
>
>The eof is unknown to the opponent as well as the
>random filling. For him that could just as well be
>some sort of compressed 'plaintext', isn't it? Since
>that corresponding 'plaintext' presumably has
>less regularity than the proper plaintext, that
>addition cannot be easier to deal with. The input
>to encryption is longer and output also. But, as said,
>that amount is negligible.
>
As stated several times if compressing before encryption
the EOF is a waste of time. It only helps to break an ecryption.
If your talking about useing a key to assign 1's and 0's in a
secrest way in a huffman tree Yes its better that not assiging any value.
But so what that does not take away from the fact its a dumb
idea to use the EOF symbol. Sine the it will not decompress at
all unless the corrrect key was used since the attacker would still
have the code and know you used an EOF. Yes it is hard but so what.
you lose a lot more than the few extra bits. I am sorry if I can't
explain it in a way that can help you understand.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: IBM analysis secret.
Date: 22 Sep 2000 17:46:59 GMT
[EMAIL PROTECTED] (DJohn37050) wrote in
<[EMAIL PROTECTED]>:
>Don Coppersmith wrote an article on DES published in the IBM Journal of
>Research and Development when he says that IBM knew of the potential for
>differential analysis (they had another name for it) and designed DES to
>resist it. And that this info was kept secret, as they saw no reason to
>help an adversary, as it was a powerful attack. He also listed all the
>security criteria of the S- boxes.
>Don Johnson
>
Having worked in the government for 26 years. I would take anything
a corporation says with a grain of salt. Numberous times govenment
employess did all the work and then later the BIG CORPARATIONS with
money acted like they did something. My view is that the boys at IBM
never where given the reasons for DES and just went along with the NSA
just as they most likely were never given an honest reason why it was
56 bytes instead of 64. But hey maybe the NSA shared there secrets with
those at IBM like it seems we currently do with the Chinese or whoever
Bill is favoring lately.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Tying Up Loose Ends - Correction
Date: Fri, 22 Sep 2000 20:19:34 +0200
"SCOTT19U.ZIP_GUY" wrote:
>
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
> >"SCOTT19U.ZIP_GUY" wrote:
> >>
> >> No I was also in this and other threads criticizing the
> >> use of an EOF symbol in any huffman or arithmetic type of
> >> compression as nothing more than a means to make the following
> >> encryption weaher. Becasue it makes the effective key space
> >> smaller.
> >
> >The eof is unknown to the opponent as well as the
> >random filling. For him that could just as well be
> >some sort of compressed 'plaintext', isn't it? Since
> >that corresponding 'plaintext' presumably has
> >less regularity than the proper plaintext, that
> >addition cannot be easier to deal with. The input
> >to encryption is longer and output also. But, as said,
> >that amount is negligible.
> >
>
> As stated several times if compressing before encryption
> the EOF is a waste of time. It only helps to break an ecryption.
> If your talking about useing a key to assign 1's and 0's in a
> secrest way in a huffman tree Yes its better that not assiging any value.
> But so what that does not take away from the fact its a dumb
> idea to use the EOF symbol. Sine the it will not decompress at
> all unless the corrrect key was used since the attacker would still
> have the code and know you used an EOF. Yes it is hard but so what.
> you lose a lot more than the few extra bits. I am sorry if I can't
> explain it in a way that can help you understand.
I repeated argued about your first sentence. I said
that the percentage of 'waste' (the number of bits
caused by using eof) is so small that it is negligible.
Since without the right tree, the opponent cannot
decompress to verify the plaintext even if he happens
to have picked the right encryption key, whether
there is an eof or not doesn't matter, isn't it?
M. K. Shen
M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
