> > As of Jan-2014 CAs are forbidden from issuing/signing anything less than 
> > 2048 certs.  
> For some value of "forbidden". :-)

Yeah, just like employees at big companies are "forbidden" to reveal
how they are collaborating with NSA.

Years ago I heard what happened when George Davida filed a patent on
something related to encryption, all the way back in 1978, and
eventually received a communication from the government telling him
that his patent was subject to patent secrecy, that it would never
issue, and that he could not even tell anyone that it had been
suppressed, nor could he ever tell anyone how his invention worked.
In theory, the law was all on the NSA's and the patent office's side.
But in fact, they were in a very weak position.

Instead of acquiescing, Davida shouted it to the housetops, engaged
the press and his university about censorship of academic freedom,
involved his Congressperson, etc.  Within months, the secrecy order
was rescinded.

NSA hates sunshine.  NSA secrecy relies on the cowardice of most
people.  Courage is all it takes to beat them.

If NSA tries to shut you up, just shine a lot of attention on their
attempt to shut you up.  Spread the information that they are trying
to suppress, far and wide.  Send copies to a dozen random post-office
boxes in different cities, asking the recipient to physically bring it
in to their local newspaper.  Leave your cellphone at home, then stash
copies in places that you don't frequent, so that government agents
can't come raid your house and office and steal all copies of what
they're trying to suppress.  In my case I posted something like this
(a suppressed paper by Ralph Merkle) to Usenet, and it was suddenly on
thousands of servers overnight.

NSA habitually decides that the publicity that their activities get
from any continued effort to suppress the information is FAR worse
than the damage caused by the initial release of the info.  Any
efforts they make to shut you up, prosecute you, jail you, etc give
you a perfect soapbox, and the attention of the news media and the
public.  Keep repeating the info, from your jail cell if necessary,
and you're likely to win.  Because if NSA relents, your revelations
become "last week's news" and get a lot less public attention.  When
NSA found out I had copies of an early encryption tutorial that they
considered classified (I was suing them under FOIA to get a copy, but
then found copies in a public library), they first tried to persuade
my lawyer to "bring in all the copies so we can secure them in a safe
place".  That's NSA-ese for "throw them down a deep hole where you'll
never see them again".  When we refused, and instead contacted the New
York Times, which printed a story about the attempted suppression, NSA
and DoJ buckled within one day.  (Indeed, the way I found out they had
suddenly declassified the document is that they called the NYT
reporter to tell him.  They never did tell me; I got the news from the

As part of suing the government, the Al Haramain foundation
accidentally received a government report making it clear that the
government had illegally wiretapped their phone calls.  They noticed
this but it took the government 60 days to notice.  Unfortunately,
instead of making hundreds of copies of the document, and spreading
them all over the world and to the press, they did what the government
asked, and destroyed all their copies of the document.  Once all
copies of the document were gone, NSA went to the court and claimed
first that the whole thing was a state secret and couldn't proceed,
and then second that the group didn't have any standing to challenge
the wiretaps in court because Al Haramain (now) had zero evidence that
the taps had even occurred.  The foundation and their lawyers have
literally spent years of work recovering from that one mistake, and
only the kind indulgence of a smarter than average judge enabled their
lawsuit to survive at all.  See this story by one of their lawyers:


Don't make the same mistake when NSA, or their minions at the FBI or
FISA or DoJ come to threaten YOU to suppress information that came to you
through no fault of your own.

        John Gilmore

The cryptography mailing list

Reply via email to