--- begin forwarded text


Date: Sat, 16 Oct 1999 01:59:03 -0700
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Bill Stewart <[EMAIL PROTECTED]>
Old-Subject: CDR: Re: how does disappearing.com's crypto work?
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: how does disappearing.com's crypto work?
Sender: [EMAIL PROTECTED]
Reply-To: Bill Stewart <[EMAIL PROTECTED]>

At 01:30 AM 10/15/1999 +0100, [EMAIL PROTECTED] wrote:
>I haven't seen any technical discussion of what Disappearing Inc are
>up to.  Did the employee show up at the cypherpunks meeting as advertised?
>My guess is that they have come up with some kind of server gated
>forward secrecy protocol for email.  Forward secrecy is good, but
>forward secrecy should be end-to-end, not server based, because then
>you have to trust the server.

Maclen Marvit from Disappearing Ink   http://www.disappearingink.com/
spoke at the Cypherpunks meeting last Saturday.  It's good stuff.

He started his talk by explaining the business model of what
Disappearing Ink does, and what it does _not_ do.
That's an important part of the discussion, because some of the things
that it does not do are hard or impossible and people have been
flaming them for probably doing a bad job of them.
And it's the critical part of the "Get Money From Venture Capitalists" talk :-)

DI addresses the records destruction problem for email.
It lets two or more willing, cooperative people have an email conversation
with reasonable certainty that there won't be any persistent records
kept for more than N days by any intervening servers -
no backup tapes on email servers, no meaningful logfiles,
nothing that SEC regulations require you to destroy about the
potential merger & acquisition discussions you had,
nothing that Ken Starr or the Microsoft Anti-Trust inquisitors
or the Ollie North Follow-The-Money investigators can subpoena later,
nothing that your business competitors can steal.

It doesn't solve the problem of the sender or receiver making copies on purpose;
as many people have discussed, that's not realistic.
It doesn't solve the problem of eavesdroppers listening in while you talk;
if you need to do that, use encryption - sending PGP-encrypted messages
using Disappearing Ink is just fine.
It doesn't solve the problem of logfiles indicating who sent mail to whom;
if you need a remailer, use a remailer.
It doesn't solve the problem of cops with warrants seizing their records
to get the messages gambino.org sent today if they're doing 60-day disposal,
though the users can set disposal time and conditions.

DI uses plugins to several popular email packages.
The sender's plugin encrypts the email and does an HTTP handshake
(using whatever SSL is available) to hand the key to the DI server.
The recipient's plugin fetches the key using HTTP/SSL and decrypts.
Encryption is currently Blowfish, but 3DES and TwoFish are planned.
If the recipient doesn't have an email plugin, the message can be
handed to DI using a web-form for decryption, but otherwise DI never sees
or handles the messages, only the keys and message-IDs.

I don't remember how much tracking information DI's server knows -
it may be only a message-ID, or it may use the sender's or recipient's address.

Some follow-on topics we suggested were the possibility of doing
something Diffie-Hellman-like in a later release.
I don't think we went into random number generation strategies.


                                Thanks!
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
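
The key-escrow flow described in the forwarded message (sender encrypts locally, a server holds only the key and message-ID, recipient fetches the key, server discards it after N days), as an added sketch that is not code from Disappearing Inc or from the original post. Assumptions: the names KeyServer, send and receive are hypothetical, direct method calls stand in for the HTTP/SSL handshake, and an HMAC-SHA256 counter-mode keystream stands in for Blowfish so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode), not the Blowfish the message names."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (off // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class KeyServer:
    """Hypothetical server: stores message-ID -> (key, expiry), never a message body."""
    def __init__(self):
        self._keys = {}

    def deposit(self, msg_id: str, key: bytes, now: int, ttl_days: int) -> None:
        self._keys[msg_id] = (key, now + ttl_days * 86400)

    def purge(self, now: int) -> None:
        # Destroying the key is what makes every stored copy of the ciphertext unreadable.
        for mid in [m for m, (_, exp) in self._keys.items() if exp <= now]:
            del self._keys[mid]

    def fetch(self, msg_id: str, now: int):
        self.purge(now)
        entry = self._keys.get(msg_id)
        return entry[0] if entry else None

def send(server: KeyServer, plaintext: bytes, now: int, ttl_days: int) -> dict:
    """Sender plugin: encrypt locally, hand only the key and message-ID to the server."""
    msg_id, key, nonce = secrets.token_hex(8), secrets.token_bytes(16), secrets.token_bytes(12)
    server.deposit(msg_id, key, now, ttl_days)
    return {"id": msg_id, "nonce": nonce, "body": keystream_xor(key, nonce, plaintext)}

def receive(server: KeyServer, envelope: dict, now: int):
    """Recipient plugin: fetch the key by message-ID; None once the key has been disposed of."""
    key = server.fetch(envelope["id"], now)
    if key is None:
        return None
    return keystream_xor(key, envelope["nonce"], envelope["body"])
```

The envelope is what mail servers and backup tapes would retain; after the disposal time it stays on disk but no longer decrypts.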
