DCSB Call for Speakers
-BEGIN PGP SIGNED MESSAGE-

The Program Committee of the Digital Commerce Society invites any member of the dcsb mailing lists to submit their proposal for a luncheon talk to the Society.

Speakers can be any *principal* in any field of digital commerce. That means anyone who is doing interesting research or development in, or who is making significant market innovation in, the technology, finance, economics, law, or policy of commerce on the global public internetwork.

The Committee tends to consider the person giving the talk first, and then gives the speaker lots of discretion in the content of their talk -- as long as it pertains to DCSB's charter to promote innovation in internet commerce.

The Society's meetings are held on the first Tuesday of the month at the Downtown Branch of the Harvard Club of Boston, One Federal Street, Thirty-Eighth Floor, in Boston, from 12 to 2 in the afternoon.

Unfortunately, the Society can not remunerate a speaker for any fees or expenses other than, obviously, the speaker's lunch, and basic overhead projection equipment. There is dial-up internet access for the meeting room.

If you, or anyone you know, are interested in speaking to the society, please send, via email, a proposal, consisting of a single paragraph on the speaker, and a single paragraph on the proposed talk, to Robert Hettinga mailto: [EMAIL PROTECTED], the chairman of the DCSB Program Committee, and the Society's Moderator.

A list of previous speakers can be obtained with the following URL mailto:[EMAIL PROTECTED]?body=info%20dcsb, or, if your mailreader/browser doesn't support mailtos, send info dcsb in the *body* of a message to [EMAIL PROTECTED] .

Thank you for considering DCSB in your speaking plans, and, if you have any questions on your submission, please contact me directly.

Cordially,
Robert A. Hettinga
Moderator and Program Committee Chair,
The Digital Commerce Society of Boston

-
Robert A. Hettinga mailto: [EMAIL PROTECTED]
Philodox Financial Technology Evangelism http://www.philodox.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
DCSB: Ron Rivest; Microcash on the Internet, Deep Crack = MicroMint?
--- begin forwarded text

Date: Mon, 10 May 1999 11:20:58 -0400
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Robert Hettinga [EMAIL PROTECTED]
Subject: DCSB: Ron Rivest; Microcash on the Internet, Deep Crack = MicroMint?
Cc: Ron Rivest [EMAIL PROTECTED], Tim Middelkoop [EMAIL PROTECTED], [EMAIL PROTECTED] (Nelson Minar)
Sender: [EMAIL PROTECTED]
Reply-To: Robert Hettinga [EMAIL PROTECTED]

-BEGIN PGP SIGNED MESSAGE-

The Digital Commerce Society of Boston

Presents

Dr. Ronald L. Rivest
Cryptographer

Underwriting Microcash on the Internet:
Deep Crack = MicroMint?

Tuesday, June 1st, 1999
12 - 2 PM
The Downtown Harvard Club of Boston
One Federal Street, Boston, MA

MicroMint is a low security, high speed micropayment protocol based on k-way hash-function collisions. Just like an industrial mint, a MicroMint underwriter's economies of scale allow the production of large quantities of 'coins' at very low cost per coin, while small-scale forgery attempts can only produce coins at a cost exceeding their value. Unlike digital signature methods, a large initial investment is required to generate the first MicroMint coin, but generating additional coins is exponentially cheaper the more you produce. A true 'off-line' protocol, MicroMint produces a simple bit-string whose validity can be easily checked.

The time to market for a possible MicroMint machine has been accelerated recently with the discovery that a MicroMint prototype has inadvertently been built already. "Deep Crack" is a custom-built DES-cracking machine built by Cryptography Research, Inc., for the Electronic Frontier Foundation. "Deep Crack" was built to prove that DES, the Data Encryption Standard, can be broken cheaply enough to make it unusable for most purposes, especially in finance.

At the 1999 International Conference on Financial Cryptography, MicroMint developers Ron Rivest and Adi Shamir -- two of the three developers of RSA public key cryptography -- showed how, with a few modifications, "Deep Crack" could be used to generate MicroMint coins. There is now interest in building a much larger commercial version of MicroMint.

Putting a MicroMint machine on the web and linking it to existing cash-settlement financial networks like the Automatic Teller or Automated Clearinghouse systems, and a few regulatory changes, would allow one to withdraw and deposit MicroMint-based microcash from the internet in the same way that one could withdraw and deposit cash from an ATM.

MicroMint coins could be used to pay for many small-value products and services, like MP3 files, streaming audio and video, controlled-access web-page content, value-added email postage, internet access, telephony and, possibly, with the incorporation of TCP/IP into power lines, electricity itself, someday. The ability to settle such transactions instantaneously and for cash should significantly reduce the administrative, financial, legal, and even engineering cost of anything sold on the internet.

Ronald L. Rivest is the Webster Professor of Electrical Engineering and Computer Science in MIT's Department of Electrical Engineering and Computer Science. He is an Associate Director of MIT's Laboratory for Computer Science, is a member of the lab's Theory of Computation Group and is a leader of its Cryptography and Information Security Group.

Professor Rivest is an inventor of the RSA public-key cryptosystem, and a founder of RSA Data Security (now a subsidiary of Security Dynamics). He has served as a Director of the International Association for Cryptologic Research, the organizing body for the Eurocrypt and Crypto conferences, and as a founding Director of the International Financial Cryptography Association, the organizing body for the International Conference on Financial Cryptography.

Professor Rivest is a Fellow of the Association for Computing Machinery and of the American Academy of Arts and Sciences, and is also a member of the National Academy of Engineering.

This meeting of the Digital Commerce Society of Boston will be held on Tuesday, June 1, 1999, from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, on One Federal Street. The price for lunch is $32.50. This price includes lunch, room rental, various A/V hardware, and the speakers' lunch. The Harvard Club *does* have dress code: jackets and ties for men (and no sneakers or jeans), and "appropriate business attire" (whatever that means), for women. Fair warning: since we purchase these luncheons in advance, we will be unable to refund the price of your lunch if the Club finds you in violation of the dress code.

We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of
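The k-way collision idea in the MicroMint announcement above, as an added sketch that is not part of the original message and is not Rivest and Shamir's code: a coin is K distinct inputs that hash to the same value, checking one costs K hash evaluations, and the mint's cost per coin falls sharply once its bins start to fill. The truncated SHA-256 hash, the toy parameters (12-bit output, K = 4) and the names `h`, `verify` and `mint` are assumptions made for this illustration.

```python
# Added illustration: toy MicroMint-style coins built from k-way hash collisions.
# Assumptions (not from the announcement): SHA-256 truncated to N_BITS as the
# hash, K = 4, and tiny parameters so the whole run takes well under a second.
import hashlib
from collections import defaultdict

N_BITS = 12   # hash output length in bits -> 2**12 bins (toy size)
K = 4         # a coin is K distinct inputs with the same hash value


def h(x: int) -> int:
    """Truncated hash: the top N_BITS of SHA-256 over an 8-byte encoding of x."""
    digest = hashlib.sha256(x.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - N_BITS)


def verify(coin) -> bool:
    """Check a coin with K hash evaluations and no secret key."""
    if len(coin) != K or len(set(coin)) != K:
        return False          # repeating one input K times is not a collision
    return len({h(x) for x in coin}) == 1


def mint(budget: int):
    """Hash inputs 0..budget-1 into bins; each bin that fills to K yields one coin.

    Returns (coins, number of hashes spent when the first coin appeared, or None).
    """
    bins = defaultdict(list)
    coins, first_cost = [], None
    for x in range(budget):
        bucket = bins[h(x)]
        if len(bucket) < K:
            bucket.append(x)
            if len(bucket) == K:
                coins.append(tuple(bucket))
                if first_cost is None:
                    first_cost = x + 1
    return coins, first_cost


if __name__ == "__main__":
    budget = K * 2 ** N_BITS             # about K inputs per bin on average
    coins, first_cost = mint(budget)
    print(f"hashes until the first coin : {first_cost}")
    print(f"coins from {budget} hashes   : {len(coins)}")
    print(f"average hashes per coin     : {budget / len(coins):.1f}")
    forged = (coins[0][0],) * K           # one input repeated K times
    print("minted coin valid:", verify(coins[0]), "| repeated-input coin valid:", verify(forged))
```

The gap between the first-coin cost and the average cost per coin is the economy of scale the announcement describes; a small-scale forger pays roughly the first-coin price for every coin.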
[ANN] Intertrader announces Mondex Internet Cafe at Bank of Scotland
Somewhere, Doug Barnes is smiling...

Cheers,
RAH

--- begin forwarded text

Date: Fri, 07 May 1999 16:30:01 +0100
To: e$@vmeng.com, [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Rachel Willmer [EMAIL PROTECTED]
Subject: [ANN] Intertrader announces Mondex Internet Cafe at Bank of Scotland
Sender: [EMAIL PROTECTED]
Reply-To: Rachel Willmer [EMAIL PROTECTED]

PRESS RELEASE
FOR IMMEDIATE RELEASE

Edinburgh, 5 May 1999:

Intertrader announces World's First Mondex Internet Cafe at Bank of Scotland

The Internet Cafe is the World's First use of Mondex to pay for Internet access and has been designed by Intertrader using their innovative Intertrader CashBox(TM) technology. The Internet Cafe went live on 23rd April 1999.

From 23rd April 1999, staff at Bank of Scotland can buy Internet access using their Mondex cards; the cash transaction is made automatically and immediately over the Internet using the Intertrader CashBox(tm) technology. This is the world's first use of the Mondex digital cash smart card to pay for Internet access over the Internet.

Two Internet PCs have been installed in one of Bank of Scotland's staff restaurants. Internet access can be purchased from these machines by paying a 20p charge (approx. 32 cents or 0.30 Euro) for a 15 minute session.

The Mondex card is inserted into a Gemplus smart card reader attached to the PC. The user enters their Personal Code to authenticate their use of the card and then confirms the payment. The cash is automatically and immediately transferred from their Mondex card, over the Internet, directly to the Mondex card attached to the Intertrader CashBox(tm).

Rachel Willmer, CEO of Intertrader, said "This project demonstrates how rapidly Internet solutions requiring digital cash payments can be deployed using Intertrader's CashBox(tm) technology and how extremely suitable the Mondex digital cash smart card is for low value transactions over the Internet. We anticipate our CashBox(tm) technology to be of particular interest to providers of digital services, for example, pay-per-view operators or online games companies."

She continued: "Using CashBox(tm)-based Internet solutions and Mondex cash, payments can be made directly to the seller from the buyer and the seller gets the full purchase price immediately with no third-party commission to pay. Using this technology, low-value spontaneous Internet transactions become economic."

Intertrader will be demonstrating this world-leading e-commerce innovation next week in Chicago at CardTechSecurTech 99 (May 12th-14th), at the Internet Village on Mondex International's Stand (355).

Christine Peace, Director of Smart Cards at Bank of Scotland said "We are delighted to be working in partnership with a local Scottish company to deliver this innovative use of Mondex. We believe that the use of the Smart Card for both authentication and micro-payments over the Internet will be significant over the next few years and the Bank is now positioned as the clear leader to take forward business opportunities in this exciting new area."

Thaer Sabri, Project Manager, Mondex International commented, "This announcement represents an important milestone in the development of Mondex solutions for e-commerce and we are very pleased to be working with Intertrader on this groundbreaking project. Mondex has a unique capability to tap the potential of this rapidly growing marketplace."

Mondex is uniquely suited to the world of e-commerce because of its high security and multi-currency capabilities; furthermore Mondex's 'virtually zero' transaction cost uniquely enables it to handle micropayments cost effectively, an essential part of e-commerce.

For more information, please contact:

Rachel Willmer
Intertrader Ltd
4 John's Place
Edinburgh EH6 7EL
U.K.
Phone +44 (0) 131 475 7108
Fax +44 (0) 131 475 7109
Email [EMAIL PROTECTED]

###

NOTES FOR EDITOR

Intertrader Ltd
---
Intertrader is an Internet commerce company based in Edinburgh, Scotland, specialising in Internet payment and authentication systems.

Intertrader's innovative CashBox(TM) technology enables the rapid deployment of light-weight digital cash based Internet solutions. Currently supporting the Mondex smart card, Intertrader intends to extend the CashBox(TM) to support other smart-card based cash schemes such as Proton and VisaCash in future releases.

In 1998, the Department of Trade and Industry awarded Intertrader the 1st Scottish Foresight Award for "exceptional vision in developing and applying new technology and opening new market opportunities".

Further information regarding Intertrader is available from their website: http://www.intertrader.com

Bank of Scotland

Established by an Act of the Scottish Parliament in 1695, Bank of Scotland is a leading British clearing bank with its headquarters firmly planted in Edinburgh. In the region of 21,000 staff are employed by the Bank of Scotland Group, with Regional
dbts: When it rains, it poors (was RE: A DigiCash Darkhorse?)
Wherein Hettinga jumps up and down, rather heavily, on what skimpy "1A" punditry credentials he has. Here's hoping this source-protection stuff holds up.

At 3:53 PM -0400 on 5/5/99, Not Chaum wrote:
www.ruloffcapital.com

Cool! But, wait, boys and girls, there's more:

At 7:47 PM -0400 on 5/5/99, Somebody wrote:
snip
PLEASE DO NOT REPOST

Bwahahahaha! Silly *you*... "Telegraph, Telephone, Tell Hettinga", remember? :-). Don't worry. This won't hurt a bit...

The name of the buyer is Ruloff Capital. The owner is Walter Ruloff out of Vancouver who made ~$100k through the sale of his last company.
^ I take this to be an "m"

I don't know exactly which company he sold, but I assume it to be one of the following: http://www.itls.com and/or http://www.i2.com

The front person and contact seems to be a John Filby snip@ruloffcapital.com. He used to be (is?) General Counsel for one or both of the above named companies.

Office:Oh, my!...snippage...
Cell: 'nother snip

Other people involved are:
David Farrago (sp?). No idea what he does.
Dennis Faust. Described as the "technical guy".

The ganglia twitch. When it rains, it pours. Or, in these guys' case, "poors"?

That's because, folks, it's beginning to look to me like we have everyone's nightmare on tap here: someone we never heard of, with lots of money, who wants to be in the digital bearer software business, and they want sole control of the DigiCash IP portfolio to do it. Meaning that it's possible that we've just exchanged a rather old and toothless dog in the manger for another, younger one, a veritable mastiff, with lots of pep, vim, and vigor to unprofitably guard the manger's hay from the, um, cows, for the remaining lifetime of the blind signature patent.

The only thing worse would be if it had been scarfed up by some Vancouver Stock Exchange penny-stock projector, which was what I was initially worried about. Fortunately, it doesn't look like that's what is happening right now.

God help me, but for some reason I'm thinking about sailing, here. Sailors joke that while a spinnaker, a giant balloon-shaped foresail, enables you to go *much* faster downwind than you could normally, it's pretty much a sail that eats things: lines, spars, crew. Money.

Evidently, Messrs Ruloff et al. think that controlling the DigiCash IP at the core of a software company, a retreaded DigiCash or a brand new venture, will give them the spinnaker of the payment software business.

Of course, such an enterprise *will* eat plenty of lines, spars and crew. Demonstrably. Down to the very last deck-ape, as DigiCash, BV, Inc., Etc., versions 1 through 5 or so, have all shown us. They're going to have to rewrite all that legacy code from the ground up, for starters, and I bet they're not accounting for that at all.

But, worse, exclusive control of things like the blind signature patent will actually *slow* any new software company made from them -- not to mention the whole internet payment market -- for at least another 7 years. Much more like setting a large parachute sea-anchor than any spinnaker.

If the above rank speculations (and crufty metaphors) are all true, we have impending disaster in my opinion.

However, maybe they know something about this that about 1000 or so of us in and around financial crypto haven't figured out in the last 5 years or so. One doesn't earn $100 million without above average competence, certainly. Let's just hope they don't spend it all in one place.

It's probably wishful thinking, but I can almost imagine a deputation of financial crypto and internet greybeards going up to BC to straighten these guys out and pulling the fat out of the current fire.

Does anyone *else* out there think this is a good idea? Anyone out there of sufficient net.reputation up for a little road trip to Vancouver to see what happens? If I thought it would help, I'd go myself, but I've probably just prejudiced the discussion a bit :-), and I couldn't afford to do it, anyway. It's that old "No bucks, no Buck Rogers" thing.

One final note. It turns out that the bidding is now high enough that all of DigiCash's current debtholders will be made whole, plus a little bit. And, evidently, several other people now tell me that the ZKS syndicate was prepared to go higher, but weren't really given the chance to do so by DigiCash, who accepted Ruloff's bid without coming back for a rebid. Which, of course, is their prerogative.

Nonetheless, and I don't know who overplayed what hand, but all of this could turn into an awful big shame if it can't be fixed somehow, and fairly soon. The judge's gavel goes down on all of this quite shortly.

Cheers,
RAH
A DigiCash Darkhorse?
...From the "Telegraph, Telephone, Tell Hettinga" department :-)...

About a month or so ago, I was talking to Nicholas Negroponte at the USENIX/MediaLab's Embedded Systems/Things That Think combined workshops, and he was talking up Zero Knowledge Systems pretty heavily. Well, maybe not talking them *up* so much as he wasn't talking them *down*. He was saying things like "You know, those guys at Zero Knowledge aren't so bad after all." Stuff like that. It sounded to me, for all the world, like that's where DigiCash was going to sell its stuff to once and for all, and that Lucky had finally freed us from PTO Hell.

Now, somebody tells me, (the very person who told me that real soon now was tomorrow -- two months ago ;-)) that there's a dark horse out there, somebody nobody has ever heard of was offering the most money to date for the DigiCash IP portfolio, though still not enough for Loftesness and DigiCash apparently. The court date is in a week (or two?) and that, once and for all, this whole mess would be over. Of course, this is, again, from someone who's predicted this once before :-).

Unfortunately, nobody had any idea who this guy was except for his name and address, much less what he's going to do with the DCIP when he gets it. My informant wouldn't tell me who this guy was, but I bet someone out there on these lists knows, and with an actual name and location, we could probably have some fun with Bloomberg, Dialog, Nexis, etc..

So, anyone out there who knows wanna share who this guy is? :-).

Cheers,
RAH
RE: A DigiCash Darkhorse?
I love it when a plan comes together...

However, from a financial perspective, Vancouver always makes me nervous...

Cheers,
RAH

--- begin forwarded text

Date: Wed, 5 May 1999 12:35:29 -0700 (PDT)
From: Not Chaum [EMAIL PROTECTED]
Subject: RE: A DigiCash Darkhorse?
To: [EMAIL PROTECTED]

www.ruloffcapital.com

--- end forwarded text
Kroll hires Sameer Parekh, Jon Callas
--- begin forwarded text

Date: Mon, 26 Apr 1999 22:45:13 -0400
From: "Robert A. Hettinga" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Kroll hires Sameer, Jon Callas

http://biz.yahoo.com/prnews/990426/kroll_adds_1.html

Yahoo - Kroll-O'Gara's Information Security Group Adds More Professionals From Who's Who List in Network Security and Business Management

snippage

Monday April 26, 8:31 am Eastern Time

Company Press Release

SOURCE: Kroll-O'Gara Company

Kroll-O'Gara's Information Security Group Adds More Professionals From Who's Who List in Network Security and Business Management

Kroll-O'Gara's Newest Division Attracts the Industry's Best Talent to Help Companies Mitigate Risk as They Implement E-Commerce Strategies

PALO ALTO, Calif., April 26 /PRNewswire/ -- In response to the growing demand for its network assessment and security services, the newest division of The Kroll-O'Gara Company (Nasdaq: KROG), the Information Security Group (ISG), today announced the additional hiring of four established network security professionals and a chief operating officer.

Sameer Parekh, Jon Callas, Jamie C. Pole, and R.J. Schlecht all join the Information Security Group as senior security consultants where they will be responsible for providing comprehensive security services that assist companies to mitigate risk as they move to implement e-commerce and other network-dependent strategies. Mary Dobbs Corroon joins the ISG as chief operating officer.

Featured on the cover of both Microtimes and Forbes, Sameer Parekh has been active in Internet-related privacy, security, and cryptography issues since 1990. Parekh joins ISG after founding C2Net Software where as CEO he pioneered a program to develop encryption software internationally in order to expand worldwide sales. C2Net's flagship product, Stronghold, is the most popular full-strength encrypting Web server. Parekh continues to be active at C2Net as its chairman and is a member of the board of directors for the Apache Software Foundation.

Mary D. Corroon comes from First Data Corporation where she held several positions and most recently was responsible for providing strategic e-business consulting services for clients. Other responsibilities at First Data included the creation and management of a targeted consumer marketing partnership with client financial institutions. Previously, Corroon held the position of associate partner at Andersen Consulting.

As co-author of the OpenPGP specification and chief technology officer of the Total Network Security division of Network Associates, Jon Callas has a diverse, ten-year background in the information security industry. During his tenure at Network Associates, Callas was instrumental in the complex integration of X.509 digital certificates with the latest version of PGP, as well as co-author of the IETF RFC 2440 on OpenPGP.

As founder and CEO of J.C. Pole Associates, Jamie C. Pole established an international consulting firm specializing in information security, electronic warfare, and industrial espionage countermeasures for Fortune 100 class corporations. Previously, he held the position of vice president, regional head, of data security at Deutsche Bank, A.G.

Robert J. Schlecht joins ISG from Interlink Computer Sciences where, as director of security development, he successfully delivered an IETF IPsec-compliant virtual private network (VPN) product to provide scalable, end-station to end-station encryption for Fortune 1000 companies.

``For a company to successfully leverage its e-business strategies, it will require expertise from network and security professionals to reduce the level of associated risk,'' stated Dr. Taher Elgamal, president, Information Security Group of Kroll-O'Gara. ``The planning of a secure network demands specialists not always found in-house. The addition of these proven professionals to our existing staff allows us to further build our management team and meet the growing security needs of our clients.''

New Address for Kroll-O'Gara's Information Security Group

In anticipation of continuing growth and the need for a larger product testing laboratory, the Information Security Group of Kroll-O'Gara has just completed their move to new offices at 3600 West Bayshore Boulevard, Suite 200, Palo Alto, CA 94303; Telephone: 650-812-9400; Fax: 650-812-9401. The ISG can also be reached via the Internet at http://www.kroll-ogara.com.

About the Information Security Group

The Information Security Group (ISG) of Kroll-O'Gara is composed of highly regarded industry experts that provide objective information security services to businesses and government agencies. These services include network and system security review and repair, product assessment, the creation and implementation of security policies, architecture and design, and training. They also employ
PGP 6.02i Now Available for the MacOS
--- begin forwarded text

Date: Thu, 15 Apr 1999 23:05:47 -0400
From: Robert Guerra [EMAIL PROTECTED]
To: Macintosh Cryptography MailingList#PGP [EMAIL PROTECTED]
cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: PGP 6.02i Now Available for the MacOS
Originator-Info: login-id=rguerra; server=mail.interlog.com
Sender: [EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe%20mac-crypto

I just checked the international pgp site (www.pgpi.com), and it seems that the Mac version of PGP 6.02 is now available.

Any comments / suggestions on its performance and feature set would be appreciated (privately, off the list...please)

regards

robert

--- end forwarded text
DCSB: Chris Wysopal, L0pht; Client Security in Digital Commerce
--- begin forwarded text

Date: Mon, 12 Apr 1999 11:50:48 -0400
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Robert Hettinga [EMAIL PROTECTED]
Subject: DCSB: Chris Wysopal, L0pht; Client Security in Digital Commerce
Cc: Chris Wysopal [EMAIL PROTECTED], Ron Rivest [EMAIL PROTECTED], [EMAIL PROTECTED] (Nelson Minar)
Sender: [EMAIL PROTECTED]
Reply-To: Robert Hettinga [EMAIL PROTECTED]

-BEGIN PGP SIGNED MESSAGE-

The Digital Commerce Society of Boston

Presents

Chris Wysopal
Hacker, L0pht Heavy Industries

Client Security:
You've got armored trucks, but what about the pick pockets?

Tuesday, May 4th, 1999
12 - 2 PM
The Downtown Harvard Club of Boston
One Federal Street, Boston, MA

Everyone in ecommerce these days is peddling better vaults for stores and stronger armored cars to deliver payments and merchandise. Does this really matter in an Internet world where you can pick the pocket of a consumer? Or more likely, to automate the pocket picking of a large number of consumers.

Current authentication and purchasing systems rely on consumers using off the shelf operating systems such as windows 95/98. This is the operating system which Microsoft has admitted to having no security model. Current ecommerce client security is layering strong encryption on this bed of jello. What are some of the attacks that are being used? What technology can be used to overcome this problem?

Chris Wysopal has a computer engineering degree from Rensselaer Polytechnic Institute, but almost all of what he knows about computer security he has learned from his exploration of computers as a hacker for the past 15 years. As an associate of L0pht Heavy Industries he has worked to expose the "snake oil" in the computer security industry and tried to make the general public aware of just how fragile the internet and security products are. Last May he testified as a computer security expert before the Senate Governmental Affairs Committee and has appeared on several TV documentaries and news programs, including the BBC, CBC, ZDTV, FOX News, and The Jim Lehrer News Hour.

This meeting of the Digital Commerce Society of Boston will be held on Tuesday, May 4, 1999, from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, on One Federal Street. The price for lunch is $32.50. This price includes lunch, room rental, various A/V hardware, and the speakers' lunch. The Harvard Club *does* have dress code: jackets and ties for men (and no sneakers or jeans), and "appropriate business attire" (whatever that means), for women. Fair warning: since we purchase these luncheons in advance, we will be unable to refund the price of your lunch if the Club finds you in violation of the dress code.

We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, May 1st, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston", in the amount of $32.50. Please include your e-mail address, so that we can send you a confirmation.

If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out.

Upcoming speakers for DCSB are:

June    Ron Rivest    MIT    Deep Crack = MicroMint?
July    TBA

We are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, and you are a principal in digital commerce, and would like to make a presentation to the Society, please send e-mail to the DCSB Program Committee, care of Robert Hettinga, mailto: [EMAIL PROTECTED].

For more information about the Digital Commerce Society of Boston, send "info dcsb" in the body of a message to mailto: [EMAIL PROTECTED] . If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a message to mailto: [EMAIL PROTECTED] .

We look forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston
RSA invention
--- begin forwarded text

Date: Thu, 8 Apr 1999 07:39:47 -0400 (EDT)
From: Ron Rivest [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED], "'[EMAIL PROTECTED]'" [EMAIL PROTECTED], "'[EMAIL PROTECTED]'" [EMAIL PROTECTED]
Subject: RSA invention
Sender: [EMAIL PROTECTED]
Reply-To: Ron Rivest [EMAIL PROTECTED]

Dear Michael Purser --

I am surprised by your gratuitous speculation about the history of RSA (copied below).

Anyway, to answer the question you raised (you asked for an answer from "someone WHO KNOWS", and I know):

Adi Shamir, Len Adleman, and I invented RSA without any information whatsoever from any classified sources. The only information sources we used were the Diffie-Hellman paper and other public documents and books. We did not "overhear any informal talk" about other alleged developments elsewhere. Indeed, at times we were rather discouraged about the whole idea of public-key cryptography, and tried to prove it impossible.

Speaking of ethics, let me turn the tables on you. What is happening with the Cayley-Purser algorithm that has received so much publicity because of Sarah Flannery's involvement? We have yet to see details. The latest I've heard is that this algorithm will not be published until much later this year, because you have now decided to review it more closely before publication. Has a security bug been discovered in this algorithm? Is the actual performance less than advertised? I think it is time for you to come clean and show us what all the hype is about... (And of course, you should reveal any and all sources that were used in the development of this algorithm, including any and all "informal talk" you may have overheard...)

Cheers,
Ron Rivest

--- Start of forwarded message ---

From: Michael Purser [EMAIL PROTECTED]
To: "'Michael J. Markowitz'" [EMAIL PROTECTED]
Subject: RE: P1363: Biprime Cryptography to replace RSA?
Date: Thu, 8 Apr 1999 10:04:56 +0100
Reply-To: Michael Purser [EMAIL PROTECTED]

- --
This is a stds-p1363 broadcast. See the IEEE P1363 web page (http://grouper.ieee.org/groups/1363/) for more information, including how to subscribe/unsubscribe.
- --

As I understand it, the RSA algorithm was invented years previously by Cocks in GCHQ in the UK and published in several internal documents. Given the close collaboration between GCHQ and US Intelligence and MIT it is incredible to me that Rivest et al. re-invented the scheme several years later independently. They may not have copied it directly, but they probably overheard enough informal talk to give them all the clues necessary. Then being good Americans (of the USA variety) they claimed it was their own, patented it ( yes patented an algorithm - I'm surprised they didn't patent long division or the extraction of square roots) and set about making money from it! And now there's to be a trademark. I suggest a good trademark would be SINVERGUENZA.

(If this reading of history is wrong I would much appreciate learning the truth from someone WHO KNOWS. Myself? I first learned of public-key cryptography from Donald Davies of the UK's National Physical Laboratory in 1977. No doubt he and others like him know what really happened - but they are bound by the Official Secrets Acts..)

- --
From: Michael J. Markowitz
Sent: 07 April 1999 21:54
To: Russell Nelson
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: P1363: Biprime Cryptography to replace RSA?

At 08:23 PM 4/6/99 +, Russell Nelson wrote:

If RSA wants people to not use their trademark, they should start promoting the generic name. RSA(tm) brand BiPrime Factoring.

To promote something by which others may profit sounds like the antithesis of MONOPOLIZATION, no?

- -mjm

== Michael J.
Markowitz, VP RD Email: [EMAIL PROTECTED] Information Security Corporation Voice: 847-405-0500 1011 Lake Street, Suite 212 Fax: 847-405-0506 Oak Park, IL 60301 WWW: http://www.infoseccorp.com --- End of forwarded message --- --- end forwarded text
PGP 6.5/PGPnet Announcement!
--- begin forwarded text Date: Mon, 05 Apr 1999 16:58:51 -0700 From: Will Price [EMAIL PROTECTED] Subject: PGP 6.5/PGPnet Announcement! To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe%20mac-crypto -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PGP 6.5 was released today to much fanfare. This afternoon at the Network Associates Coliseum "The Net" in Oakland prior to the opening of the baseball season there, Network Associates announced its Active Security product line of which PGP 6.5 is the client desktop solution. There are a number of exciting new features in PGP 6.5, the highlights of which are summarized below. This message is being sent to the users, and may have more details than our press releases. For more information, you may wish to read the long list of NAI press releases from today. PGPnet is clearly the lion's share of the additions in PGP 6.5. The summary below cannot possibly do it justice. PGPnet is a complete IPSec implementation for Windows and Mac. Total TCP/IP security, interoperable with other vendors and even interoperable with X.509 certificates and other PKIs. PGPnet is not just a VPN (Virtual Private Network) solution. PGPnet is, to use a phrase that I believe John Gilmore coined, a RPN (Real Private Network). It allows secure connections to any other PGPnet/IPsec host on the internet regardless of whether you have communicated with that host previously, without preconfiguration of that host. If everyone ran PGPnet or another RPN client, the whole Internet could be secure. PGPnet supports authentication with OpenPGP keys, X.509 certificates from the Network Associates Net Tools PKI, VeriSign OnSite, and Entrust (in beta), and also supports non-certificate based authentication with Shared Secret where both parties simply hold a common passphrase. 
Unlike TLS/SSL and other transport layer security protocols, PGPnet sits at the IP layer, and thus is able to encrypt and authenticate all traffic rather than just web traffic. Indeed, PGPnet can even be used to secure third party videoconferencing apps, file transfers, web sites, email servers, and pretty much anything you can run over TCP/IP. Some details: * Today's announcement coincides with the immediate availability of PGP Desktop Security 6.5 for Windows NT 4.0 only, and only the Desktop Security version has been released. This product is mainly for enterprise level users. * The Windows 95/98 and Macintosh versions will ship later this quarter, Q2 '99 as PGP 6.5.1. All the usual Personal and Freeware versions will be available then, and source code will be printed. All of the features below are implemented on all the platforms, although the wording below may be somewhat Windows-specific because today's release is only for NT. _ NEW FEATURES IN 6.5.0 1. PGPnet. PGPnet is a landmark product in the history of PGP. PGPnet secures all TCP/IP communications between itself and any other machine running PGPnet. It is also fully interoperable with the Gauntlet GVPN gateway providing a complete solution for corporate remote access VPNs using the industry standard IPSEC (Internet Protocol Security) and IKE (Internet Key Exchange) protocols. It is also interoperable with other IPSEC products that implement the standard. 2. Self-Decrypting Archives. You may now encrypt files or folders into Self-Decrypting Archives (SDA) which can be sent to users who do not even have PGP. The archives are completely independent of any application, compressed and protected by PGP's strong cryptography. 3. X.509 Certificate and CA Support. PGP is now able to interoperate with the X.509 certificate format. This is the format used by most web browsers for securing the transfer of web pages. 
PGP supports the request of certificates from Network Associates' Net Tools PKI, and VeriSign certificate authorities. X.509 certificates are analogous to a PGP signature, so you can even request X.509 certificates on your existing PGP key. This feature can also be used to interoperate with existing VPN solutions based on X.509. 4. Automated Freespace Wiping. PGP's Freespace Wipe feature now allows you to use the Windows Task Scheduler to schedule periodic secure wiping of the freespace on your disk. On the Macintosh, this feature is implemented through AppleScript support. 5. Hotkeys. The Use Current Window feature has been significantly enhanced by the addition of Hotkeys. By pressing the configured key combination, the Encrypt/Decrypt/Sign functions can be automatically invoked in 0 clicks without using PGPtray. On the Macintosh, this feature adds the ability to use Command key equivalents to PGPmenu. - -- Will Price, Architect/Sr. Mgr., PGP Client Products Total Network Security Division Network Associates, Inc. Direct (408)346-5906 Cell/VM
KeyNote draft available, FYI
--- begin forwarded text To: [EMAIL PROTECTED] Subject: KeyNote draft available, FYI Date: Sun, 28 Mar 1999 22:53:11 -0500 From: Matt Blaze [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] [I just sent this to the [EMAIL PROTECTED] list, but it may be of interest to some here, so forgive me if you've already seen this. -matt] We have just about finished what we believe is the "stable" version of the KeyNote trust management language and reference implementation. We expect to have the informational RFC describing the language submitted sometime next week and the official reference implementation available at about the same time. I believe our design meets a wide range of requirements. We are using KeyNote for a number of interesting projects, as are some other researchers and developers. If you'd like an advance peek at what we're up to, I've put up a copy of the draft for anonymous FTP at ftp://ftp.research.att.com/dist/mab/kndraft.txt This is a draft that's likely to change slightly before being submitted, so please do not redistribute or mirror it. We'd appreciate your comments, either to me directly or on the trustmgt list. KeyNote is a small, flexible trust management system designed to be especially suitable for Internet-style applications. KeyNote provides a single, uniform language for specifying security policies and credentials, and can be used as an application policy description language as well as a format for public-key credentials. KeyNote is a joint project of M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The KeyNote language and implementation are virtually without intellectual property constraints (as far as we know). We have not patented the KeyNote system or trust management generally (although of course anyone, including us, could invent and patent some specific novel application of trust management based on KeyNote). We might file a trademark on the name "KeyNote". Other than that, you can just use it. 
The KeyNote reference implementation will be available under a Berkeley-style open source license. I welcome your comments on our design. -matt --- end forwarded text
Hiro Cypherpunk
--- begin forwarded text Resent-Date: Thu, 25 Mar 1999 18:25:11 -0500 Date: Thu, 25 Mar 1999 15:22:15 -0800 (PST) From: Christopher Allen [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: Re: SF books Resent-From: [EMAIL PROTECTED] Resent-Sender: [EMAIL PROTECTED] On Wed, 24 Mar 1999 [EMAIL PROTECTED] wrote: Vernor Vinge (Fire Upon the Deep) and Bruce Sterling (Islands in the Net) are two authors who have influenced how wearable researchers think about their science. Each has a new book: I don't know if this has wearables in it, but Neal Stephenson (Snow Crash), the author who gave us "gargoyles," will have a new book out in May called "Cryptonomicon." Summary here: http://www.avonbooks.com/avon_user/book.html?book_id=39336 -Chris -- Subscription/unsubscription/info requests: send e-mail with subject of "subscribe", "unsubscribe", or "info" to [EMAIL PROTECTED] Wear-Hard Mailing List Archive (searchable): http://wearables.blu.org --- end forwarded text CRYPTONOMICON Neal Stephenson, writer U.S. $29.50 / CAN $39.50 Hardcover Imprint: Avon May, 1999 ISBN: 0-380-97346-4 Category: Fiction; Sub-Category: Thriller Pages: 928 With this extraordinary first volume in what promises to be an epoch-making masterpiece, Neal Stephenson hacks into the secret histories of nations and the private obsessions of men, decrypting with dazzling virtuosity the forces that shaped this century. In 1942, Lawrence Pritchard Waterhouse - mathematical genius and young Captain in the U.S. Navy - is assigned to detachment 2702. It is an outfit so secret that only a handful of people know it exists, and some of those people have names like Churchill and Roosevelt. The mission of Waterhouse and Detachment 2702-commanded by Marine Raider Bobby Shaftoe-is to keep the Nazis ignorant of the fact that Allied Intelligence has cracked the enemy's fabled Enigma code. 
It is a game, a cryptographic chess match between Waterhouse and his German counterpart, translated into action by the gung-ho Shaftoe and his forces. Fast-forward to the present, where Waterhouse's crypto-hacker grandson, Randy, is attempting to create a "data haven" in Southeast Asia - a place where encrypted data can be stored and exchanged free of repression and scrutiny. As governments and multinationals attack the endeavor, Randy joins forces with Shaftoe's tough-as-nails granddaughter, Amy, to secretly salvage a sunken Nazi submarine that holds the key to keeping the dream of a data haven afloat. But soon their scheme brings to light a massive conspiracy with its roots in Detachment 2702 linked to an unbreakable Nazi code called Arethusa. And it will represent the path to unimaginable riches and a future of personal and digital liberty...or to universal totalitarianism reborn. A breathtaking tour de force, and Neal Stephenson's most accomplished and affecting work to date, CRYPTONOMICON is profound and prophetic, hypnotic and hyper-driven, as it leaps forward and back between World War II and the World Wide Web, hinting all the while at a dark day-after-tomorrow. It is a work of great art, thought, and creative daring; the product of a truly icon
Newsnight Crypto Bazaar
--- begin forwarded text Date: Thu, 18 Mar 1999 00:39:40 + To: [EMAIL PROTECTED] From: "Helen Chesterman" [EMAIL PROTECTED] (by way of Fearghas McKay [EMAIL PROTECTED]) Subject: Newsnight Crypto Bazaar Reply-To: "Usual People List" [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe%20usual A short summary of the Newsnight item. A representative of some international police quango espoused key escrow and was quickly rubbished by the recent government u-turn - motivated by commercial concerns - not privacy or individual rights. Duncan Campbell gave his usual factual, unemotive account. Good man Dunc. However, no one seems to listen to what he says. - the NSA routinely intercept email traffic by diverting it through Maryland or NY. - GCHQ has the right to "alter to intercept and alter any electromagnetic communication" Yet we still have "Internet Consultants" saying that don't worry, the police have to go through the courts/Home secretary to monitor your phones. What's the point when the intelligence services have carte blanche anyway? Then an IT medic extolled the virtues of the medical profession (who still embrace ECT) saying that each doctor should be issued with his own personal key to access patients' records. Yeah right. What he failed to mention is that the insurance industry effectively has full access to your medical records - no access - no insurance. John Carr, an "Internet Consultant", who specialised in advising children's charities (um) spouted the old "the internet is full of paedophiles" and other criminals - the same old arguments which time and time again have been shown to be crass. Then he stated that the police must go before court/home sec before they can tap your line - yeah and GCHQ et al can do what the hell they like! Both Diffie and Zimmermann provided sane input - Zimmermann in particular stated the point - "the police should stick to traditional methods" - some sense at last. 
Love Helen --- end forwarded text
Multilateral Security in Communications
--- begin forwarded text From: [EMAIL PROTECTED] To: Digital Commerce Society of Boston [EMAIL PROTECTED] Date: Thu, 18 Mar 1999 08:28:37 +0100 Subject: Multilateral Security in Communications Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Dear Ladies and Gentlemen, Please find enclosed a Preliminary Announcement of our Conference "Multilateral Security in Communications" which will be held on 16-17 July 1999 in Stuttgart, Germany. This event is not only the summit conference of the Kolleg "Security in Communications", presenting the results the Kolleg produced, but it will also bring together leading decision-makers from politics, business and science to determine, for example, if and what regulation can help to secure the usage of our virtual infrastructures. The list of speakers is not yet complete - prominent speakers, who will present international information infrastructure initiatives, will be added - but please take a look at the agenda and also at our list of exhibitors presenting state-of-the-art security solutions as well as research prototypes. The conference languages are English and German (simultaneous translation). More information can be found under http://www.iig.uni-freiburg.de/msc/ or simply send an email to [EMAIL PROTECTED] Looking forward to meeting you in Stuttgart. Prof. Dr. Guenter Mueller Dr. Kai Rannenberg Boris Padovan -- Preliminary Announcement Conference Multilateral Security in Communications 16-17 July 1999 Haus der Wirtschaft Stuttgart, Germany -- Agenda 16 July 1999 Chair Prof. Dr. Gisbert zu Putlitz Gottlieb Daimler- und Karl Benz-Stiftung Opening - Baden-Wuerttemberg Technology Initiatives Minister Dr. Christoph-E. Palmer Ministry of State Baden-Wuerttemberg Security and Economy Dr. Manfred Gentz DaimlerChrysler AG Multilateral Security - Road Map for the Future Prof. Dr. Guenter Mueller IIG Telematik, Freiburg University Experiences with Technology Dr. Kevin McCurley IBM Almaden Research Technology for Security Prof. 
Dr. Andreas Pfitzmann Dresden University of Technology Infrastructures and Regulation Siegmar Mosdorf German Federal Ministry of Economics and Technology Experiences with Open Networks Dr. Steve Bellovin ATT Research Shannon Labs, IETF Future Research Considerations Dr. Reinhard Grunwald Deutsche Forschungsgemeinschaft Telecommunications and Security Dr. Hagen Hultzsch Deutsche Telekom AG Business, Users and Security Hermann-Josef Lamberti Deutsche Bank AG Reception (7.30 p.m.) Live Demonstration of Security Issues Dr. Charles Palmer IBM Global Systems Analysis Laboratory, USA Deutsche Telekom AG (open to all conference visitors) 17 July 1999 Human Factors and Security Prof. Dr. Georg Rudinger Bonn University Security and E-Commerce in Japan Dr. Ryoichi Sasaki Hitachi 3 Parallel Technical Tracks Track 1: Technical Building Blocks 6 presentations including - Secure Devices - Reachability Management - Security Management - Network Security Track 2: Infrastructures 6 presentations including - Digital Signature and PKI Trends - Allocation of Security Functionality - Protection in Mobile Communication - Unobservability in Open Systems Track 3: Trust and Usability 6 presentations including - User's Perspectives - Security and Risk Perception - Analysis and Evaluation - Simulation Studies
Re: add-on crypto hardware
--- begin forwarded text Date: Thu, 18 Mar 1999 11:27:04 -0500 To: "Steven R. Taylor" [EMAIL PROTECTED] From: Frank Jaffe [EMAIL PROTECTED] Subject: Re: add-on crypto hardware Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] (Dale R. Worley), [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Reply-To: Frank Jaffe [EMAIL PROTECTED] Steve, Just a quick note. In the US Treasury pilot, the SafeKeyper is actually being used to sign the echecks as well. Smartcards are being used by the payees (Department of Defense Vendors) to endorse the echecks for deposit, and by the Department of Defense to authorize the payments. The US Treasury has very stringent security requirements, and requires that dual (or more) controls be in place at every point in the payment cycle. They meet this requirement in several ways. First, payments are authorized by the Department of Defense officers responsible for approving the payments. Two officers each independently digitally sign a payment instruction file. These officers are using smart cards for this signature. The signed payment instruction file is then sent to the US Treasury using a doubly encrypted link (using hardware encryption provided by IRE). When received by the Treasury, the signatures are verified, and then the payment instruction file is converted to echecks. There is a manual summary total review to confirm that the amounts and number of payments are as expected and approved. Assuming life is good at this point, then the Treasury officers each use their security keys to enable the SafeKeyper to sign and issue the echecks. Treasury's concerns include not only the security of the operating system, but also the security of the network, and the potential for information warfare like attacks. The system, both technology and procedures, has been designed to address those concerns. If folks are interested in more details, I can disclose a bit more, but not to a general public mailing list. Please contact me directly. 
At 3/17/99 03:44 PM , Steven R. Taylor wrote: At 12:01 PM -0500 3/16/99, Dale R. Worley wrote: snip This led me to recall seeing an article back in the 1970's in an IBM journal about an add-on crypto hardware module for the IBM 360. Its essential value was that all crypto keys would be held in the module, and data would be passed to the module for processing. (Keys would be delivered to the module encrypted under a master key that the module knew, but not the OS.) I suspect that this is a problem that has been thought about a lot in the intelligence community. You're right. I don't know of the IBM module to which you refer, but BBN worked with various security agencies in the past to create a "signer" whose keys never leave the box. It was originally done to support secure mail in the defense environment. It was designed for exactly the situation you describe - a place where you can't trust the OS nor the path through the OS for a PIN. Everything is done in the box. You can see more detail at: http://www.bbn.com/groups/cybertrust/solutions/safekeyper/index.htm It's currently being used in the echeck pilot at the US Treasury as well as other interesting places. The signing of individual checks is done with smart card technology, but the signatures for bank credentials and other important parts of the system are done inside the SafeKeyper. You can see more about the system at: http://www.echeck.org The keys themselves are generated inside the box - they literally can't get out in any usable form. They can be backed up for disaster recovery but it is done in such a way as to require the user's physical interaction to reload, etc. The box and its code, etc get vetted by whatever security organization is involved. The most public is FIPS 140-1 Level 3 certification. Steve For help on using this list (especially unsubscribing), send a message to "[EMAIL PROTECTED]" with one line of text: "help". 
-- Frank Jaffe (V) 617-434-1838 (F) 617-434-9889 (E) [EMAIL PROTECTED] --- end forwarded text
www.eCoin.net -- a newly developed Web Micropayment System
--- begin forwarded text Date: Thu, 18 Mar 1999 15:57:01 -0500 From: Steve Lihn [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], w3c-micropay [EMAIL PROTECTED], "[EMAIL PROTECTED]" [EMAIL PROTECTED] Subject: www.eCoin.net -- a newly developed Web Micropayment System Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] eCoin Inc. ( http://www.ecoin.net ) invites you to a newly developed web-based micropayment system. The eCoin system allows the users to download tokens (free tokens and USD tokens) to eCoin Wallet (by credit card) and make micropayment purchase by clicking on the price tag embedded in merchant's webpages. The price tag is displayed by means of eCoin plugin, the Wallet Manager (release 1.04). The Wallet Manager will handle all the transaction details for both users and merchants. The implementation for merchant is very simple. A web-based wizard will guide the merchant developer through to set up the EMBED tag. Virtually in a few minutes, the merchant can set up a page interfaced with eCoin Wallet. eCoin Wallet works with static html, dynamic html, FORMs. Sample Vendors are available to demonstrate the full capacity of eCoin system. If you are a web content provider (meaning you have lots of reports, data, graphics, games, services for micropayment), you must visit our site. http://www.ecoin.net/ Steve Lihn [EMAIL PROTECTED] --- end forwarded text
NEW: Payment Systems International (AIB) - int'l payment systems
--- begin forwarded text Date: Tue, 16 Mar 1999 10:21:20 -0500 Reply-To: [EMAIL PROTECTED] Sender: NEW-LIST - New List Announcements [EMAIL PROTECTED] From: Ray Gabriel [EMAIL PROTECTED] Subject: NEW: Payment Systems International (AIB) - int'l payment systems To: [EMAIL PROTECTED] From: Ray Gabriel - Payment Systems International (AIB) [EMAIL PROTECTED] Hello, The Association for International Business is pleased to announce a new industry e-list called: Payment Systems International (AIB). If the new global economy is to continue to expand and prosper, new and innovative approaches/systems and schemes will be needed to assure payment between international buyers, sellers and service providers. One current major problem, for example, is in the area of micro-payments for small transactions between two countries. Also discussed is taxation by local and international agencies on these payments. We'll explore and test these systems and identify the ones that work, and the ones that don't. To get INFORMATION: Send the message with INFO PAYMENT-SYSTEMS-DIGEST in the message BODY to [EMAIL PROTECTED] To SUBSCRIBE: 1. Visit AIB World's SUBSCRIBE page at: http://www.aib-world.org/subscribe.shtml or 2. Send the mail to: [EMAIL PROTECTED] with the message: SUB PAYMENT-SYSTEMS-DIGEST in the BODY (NOT the SUBJECT:) of your message. moderator/host: Ray Gabriel, Managing Director Association for International Business, Inc. a nonprofit education association - http://www.aib-world.org with 9,000 members in 160 countries growing a worldwide knowledge-base / people-base! ***The NEW-LIST mailing list is a service of the Internet Scout Project ( http://scout.cs.wisc.edu/ )*** --- end forwarded text
Interesting website
Just in case you thought that "Financial Cryptography" was trademarked. :-). I deliberately *didn't* trademark "financial cryptography" when I started to use it, or when I started the FCXX conference, two years later. My understanding is that, as a result, nobody can trademark it now. So, let a thousand websites bloom. Cheers, RAH --- begin forwarded text Date: Tue, 16 Mar 1999 16:36:51 -0500 To: [EMAIL PROTECTED] From: Jim Ray [EMAIL PROTECTED] Subject: Interesting website http://www.FinancialCryptography.com/ Charlie's kid is cute, isn't she? Your readers may be interested in this, feel free to forward about at will. :^) We are looking to do a resource to make crypto easy for businessmen. Hope all's well. JMR Regards, Jim Ray [EMAIL PROTECTED] Create a free, easy, no-obligation e-gold account. http://jray.QuickGold.net DH2004bit AE141134 (Preferred, these days) = 9CE2 BA62 6FE6 8287 E1ED B5F2 FFD8 D04C AE14 1134 RSA2000bit A7D63DA9 = 981F 39BA 9386 B4F5 5752 640E DABA 2C71 expires election 2000. --- end forwarded text
hedgehogs and foxes
--- begin forwarded text Date: Sun, 14 Mar 1999 20:53:45 -0600 Reply-To: Digital Signature discussion [EMAIL PROTECTED] Sender: Digital Signature discussion [EMAIL PROTECTED] From: "Jane K. Winn" [EMAIL PROTECTED] Subject: hedgehogs and foxes To: [EMAIL PROTECTED] I have posted to my website at www.smu.edu/~jwinn/hedgehogfox.htm an article about risk management and public and private sector uses of PKI technologies. I will be making a presentation based on this paper on March 26 at an e-commerce law conference organized by American University in Washington DC. I would be delighted to receive comments or criticisms on the draft, either before or after I make the presentation. jkw Jane Kaufman Winn [EMAIL PROTECTED] Associate Professor www.smu.edu/~jwinn Southern Methodist University www.virtual-langdell.com School of Law tel: (214) 768-2583 Dallas, Texas 75275-0116 fax: (214) 768-4330 --- end forwarded text
(CFP) ACM Conf. on E-Commerce
--- begin forwarded text

Date: Sun, 14 Mar 1999 21:28:42 -0500
To: [EMAIL PROTECTED]
From: Michael Wellman [EMAIL PROTECTED]
Subject: (CFP) ACM Conf. on E-Commerce

Bob Hettinga,

Thought you and your mailing list(s) might be interested.

Announcement and preliminary Call for Papers:

ACM Conference on Electronic Commerce (EC-99)
3-5 November 1999
Denver, Colorado, USA
(at the same time as OOPSLA)

sponsored by: ACM Special Interest Group on E-Commerce (SIGecomm)

The first annual ACM Conference on Electronic Commerce (EC-99) will feature invited talks, panel discussions, and refereed paper presentations covering all areas of electronic commerce. Although a natural focus will be on computer science issues, we expressly welcome technical research contributions from economics, law, and other relevant disciplines.

Topics within the scope of the conference include but are not limited to:

  Auction and negotiation technology
  Automated shopping and trading
  Commerce-oriented middleware services
  Computational markets for information services
  Cryptographic techniques and applications
  Economic analysis
  Formation of supply chains, coalitions, and virtual enterprises
  Intellectual property license management
  Languages for describing goods, services, and contracts
  Legal issues
  Marketing and advertising technology
  Network pricing and differential QoS
  Payment and exchange protocols
  Privacy issues
  Reputation and trust mechanisms and issues
  Security issues and methods
  Social implications
  Software requirements and architectures for e-commerce
  Visualization of market activity

SUBMISSIONS

Submitted papers will be evaluated on significance, originality, technical quality, and exposition. They should clearly establish the research contribution, its relevance to electronic commerce, and its relation to prior research. Accepted papers will be presented at the conference, and included in the published proceedings.

Submissions may be up to 6000 words, and may not have appeared before (or be pending) in a journal or conference with published proceedings, nor may they be under review or submitted to another forum during the EC-99 review process.

Electronic submissions (in PDF or postscript format) are strongly preferred. Papers should be sent by 25 May 1999 to: [EMAIL PROTECTED]

In addition, we request that a separate ASCII title page be sent to the same address by the same date, including the title, author(s), contact information, and abstract.

TIMETABLE

  25 May 99: Electronic title pages due
  25 May 99: Paper submissions due
  15 Jul 99: Author notifications
  1 Sep 99: Camera-ready copy due
  3 Nov 99: Conference begins

CONFERENCE OFFICIALS

General Chair: Stuart Feldman, IBM
Program Chair: Michael Wellman, Univ Michigan
Program Cmte:
  Jack Breese, Microsoft
  Sverker Janson, SICS
  Manoj Kumar, IBM
  Jeffrey MacKie-Mason, Univ Michigan
  Pattie Maes, MIT
  Mark Manasse, Compaq
  Clifford Neuman, USC/ISI
  Noam Nisan, Hebrew Univ/IDC-Herzliya
  Andrew Odlyzko, AT&T Research
  Michael Reiter, Bell Labs, Lucent Technologies
  Tuomas Sandholm, Washington Univ
  Arie Segev, UC Berkeley
  Doug Tygar, UC Berkeley
  Jane Winn, SMU
  Yechiam Yemini, Columbia

FURTHER INFORMATION

Inquiries and requests to join the mailing list for further information may be directed to: [EMAIL PROTECTED]

--- end forwarded text
(Reciprocal)^2 (was Re: @NY Vol. 4, No. 28)
Bill's probably going to lose his lunch-money on this one. Either the copy protection is hacked by cypherpunks for grins :-), or more likely, artists, even the record companies themselves, will bypass it because they will have a cash-settled auction market, paradoxically of sufficiently *small* enough transaction-granularity, to sell their stuff into unprotected. Small enough to get paid for a single play. Over the net. The cheapest place to play things ever built. However, this transaction does tell us how much this bet on internet music distribution is worth. According to the apocryphal venture capital rule of thumb, $15 million is supposed to be worth $150 million in 5 years. There is, however, the, well, reciprocal, of the above equation. The hedge on this investment would be, of course, underwriting lots of cheap, easy-to-use, bearer-settled microcash to the internet. :-). Cheers, RAH At 5:11 PM -0500 on 3/12/99, NPC, Inc. wrote: ^ START-UP GETS $15 MILLION FROM MICROSOFT FOR COPY PROTECTION . . .Reciprocal, the Silicon Alley and Buffalo, NY-based start-up, this week gained $15 million and a major partner in helping it become the standard for how consumers download copyright-protected music, games, and text over the Internet. Microsoft made the equity investment and has entered into a "strategic technology and marketing alliance" with the three-year-old privately-held firm that until recently was known as Rights Exchange. The company is in the business of protecting copyrights online. Reciprocal's technology allows content providers -- record labels, video game developers, e-books distributors -- to encase their digital offerings in a kind of encrypted "shell." After downloading the content, a consumer's software communicates with a Reciprocal database that determines if that consumer is authorized to have access to the file. 
If that person has paid, filled out a data form, or completed whatever value exchange the content provider requires, the user is allowed to open the file. Were that user to send that content to a friend, though, the file couldn't be opened until the new recipient fulfilled the requirements. Of course, the system, which the company says will work on many different operating systems, isn't immune to hacking. The CEO compares it to a lock on a car door -- a deterrent, not a guarantee. "Our product offering is at the intersection between the MP3 problem, e-books, and software distribution," said Paul Bandrowsky, CEO and President of Reciprocal. "You can imagine the ways in which what we're doing and what Microsoft does could work together." Although Bandrowsky won't get specific, the partnership could involve placing Reciprocal's software on the Windows desktop. Having that kind of distribution would give Reciprocal a leg up in wooing content owners to its platform, since the client software would suddenly have an enormous installed base and content providers wouldn't have to be in the business of distributing the software. "Clearly, it would be advantageous to us that our consumers wouldn't have to get [the software] from another source," hints Bandrowski. Reciprocal (http://www.reciprocal.com) makes its dough from selling the encryption software, running the back-end that checks if a user is authorized, and consulting with content providers to help them develop strategies for making money in an age of digital media. Right now, though, the company, which has approximately 110 employees in Buffalo, New York, and Research Triangle Park, NC, apparently isn't making any dough at all. Its products are in beta or a "controlled implementation" stage, and the company hasn't announced any clients so far. Reciprocal's list of investors, though, is impressive. 
Besides Microsoft, companies like Chase Capital Partners, Constellation Ventures, Flatiron Partners and SOFTBANK Technology Ventures have stakes in Reciprocal. Although Bandrowski won't say how much of the company Microsoft got for $15 million, he would say that it's a "very insignificant portion". Reciprocal's solution is only one of many fighting it out in the highly competitive digital rights protection arena. IBM is testing a digital music distribution technology it calls "the Madison project." The five major record labels have signed on to participate in the trial. ATT, Real Networks, Sony, and Liquid Audio are also working on solutions to combat the illegal distribution of copyrighted music that's blossomed with the MP3 format. The challenge for Reciprocal and all of these companies is the usual chicken-and-egg problem of introducing a new format. You need plenty of good content in the format to convince consumers to download the software or learn the technology, and you need enough consumers using the technology to convince top-notch content providers to use your solution. The deal with Microsoft, though, may give Reciprocal a leg up on getting the
Stew Baker Sings...
At 2:00 AM -0500 on 3/11/99, [EMAIL PROTECTED] wrote:

Title: Survey of International Electronic and Digital Signature Initiat
Resource Type: Report
Date: Mar 1999
Source: Internet Law & Policy Forum
Author: Steptoe & Johnson LLP
Keywords: DIG SIGNATURES, LEGAL ISSUES, AUTHENTICATION, COMPARISON

Abstract/Summary: The Internet Law & Policy Forum commissioned Steptoe & Johnson LLP to survey current legislative and regulatory efforts outside of the United States concerning digital and electronic signatures.[1] This report provides a comparison and analysis of electronic authentication initiatives in jurisdictions outside of the United States, including international efforts at the United Nations Commission on International Trade Law (UNCITRAL), the Organization for Economic Cooperation and Development (OECD), and the European Union (EU). This report complements, and in many respects builds on, the ILPF Survey of Electronic and Digital Signature Legislative Initiatives in the United States (the "ILPF US Survey"). The report assumes familiarity with digital signatures and electronic authentication generally; readers desiring more background should refer to the Background and Authentication Models sections of the ILPF U.S. Survey. For ease of reference, this report summarizes the legislative initiatives described herein in the same table format as the ILPF U.S. Survey.

Original URL: http://www.ilpf.org/digsig/survey.htm
Added: Thu Mar 11 0:41:33 1999 0
Contributed by: Judie
Privacy Czar Warns Regulation Is Still Possible (was Re: ECARMNEWS for March 09,1999 First Ed.)
At 2:00 AM -0500 on 3/9/99, [EMAIL PROTECTED] wrote:

Title: Privacy Czar Warns Regulation Is Still Possible
Resource Type: News Article
Date: Mar 5, 1999 (1:06 PM)
Source: TechWeb
Author: Mo Krochmal
Keywords: GOVT POLICY, PRIVACY, REGULATION, E-COMMERCE

Abstract/Summary: BERKELEY, Calif. -- The White House's newly appointed privacy czar warned that government regulation is still a possibility to protect the privacy of Internet users. Speaking on a panel at the Legal and Policy Framework for Global Electronic Commerce Conference at the University of California-Berkeley on Friday, Peter Swire said he will review federal, private-sector and international privacy issues created by new information technologies. Swire, law professor at Ohio State University who earlier this week was named the first chief counselor for privacy by President Clinton, will begin in his new position next week.

Original URL: http://www.techweb.com/wire/story/TWB19990305S0013
Added: Mon Mar 0 8:0:0 14:4 1999
Contributed by: Keeffee

Help with Majordomo commands plus list archives and information is available through the ECARM web page at http://www.ecarm.org/. Sponsored by The Knowledge Connection.
WPI Cryptoseminar, Thursday, March 11
--- begin forwarded text

Date: Tue, 9 Mar 1999 10:55:28 -0500 (EST)
From: Christof Paar [EMAIL PROTECTED]
To: "WPI.Crypto.Seminar":;
Subject: WPI Cryptoseminar, Thursday, March 11
Sender: [EMAIL PROTECTED]
Reply-To: Christof Paar [EMAIL PROTECTED]

WPI Cryptography and Information Security Seminar

Jens-Peter Kaps
GTE CyberTrust

Electronic Commerce: An Overview of SET and other Technologies

Thursday, March 11
4:00 pm, AK 108
(refreshments at 3:45 pm)

Electronic Commerce is not an idea that will be realized in some distant future but it is here today. The value of goods and services sold online amounts to $40 billion in 1998 and is predicted to rise to $900 billion in 2003. In order to make shopping on the Internet secure several technologies have been developed, most notably the Secure Socket Layer (SSL) proposed by Netscape and Secure Electronic Transaction (SET) by Visa, MasterCard, GTE, IBM and others. SSL is widely used and is about to be superseded by Transport Layer Security (TLS) proposed by the Internet Engineering Task Force (IETF). SET is currently being deployed. This presentation will provide an overview of technologies for electronic commerce and discuss both SSL and SET.

--

DIRECTIONS:

The WPI Cryptoseminar is being held in the Atwater Kent building on the WPI campus. The Atwater Kent building is at the intersection of West and Salisbury Street. Directions to the campus can be found at http://www.wpi.edu/About/Visitors/directions.html

TALKS IN THE SPRING '99 SEMESTER:

3/4   Jian Zhao, Fraunhofer Center for Research in Computer Graphics
      Mobile Agent Security

3/11  Jens-Peter Kaps, GTE CyberTrust
      Electronic Commerce: An Overview of SET and other Technologies

TBA   Gerardo Orlando, GTE Government Systems/WPI
      Galois Field Multiplier Architectures for FPGAs and their Applications to Elliptic Curve Cryptosystems

4/1   Bob Silverman, RSA Labs
      Zero Knowledge Proofs that an Integer is Hard to Factor

4/9   Thomas Blum, WPI
      Modular Arithmetic FPGA Architectures for Public-Key Algorithms (MS Thesis Defense)

TBA   Brendon Chetwynd, Thomas Connor, Sheng Deng, Stephen Marchant, WPI
      An Algorithm-Agile Cryptographic Coprocessor Based on FPGAs

See http://ece.WPI.EDU/Research/crypt/seminar/index.html for talk abstracts.

MAILING LIST:

If you want to be added to the mailing list and receive talk announcements together with abstracts, please send me a short mail. Likewise, if you want to be removed from the list, just send me a short mail.

Regards,

Christof Paar

WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS (CHES)
WPI, August 12 & 13, 1999
check http://ece.wpi.edu/Research/crypt/ches

***
Christof Paar, Assistant Professor
Cryptography and Information Security (CRIS) Group
ECE Dept., WPI, 100 Institute Rd., Worcester, MA 01609, USA
fon: (508) 831 5061 email: [EMAIL PROTECTED]
fax: (508) 831 5491 www: http://ee.wpi.edu/People/faculty/cxp.html
***

For help on using this list (especially unsubscribing), send a message to "[EMAIL PROTECTED]" with one line of text: "help".

--- end forwarded text
DCSB: Fred Hapgood; Product/Price Comparison in Digital Commerce
--- begin forwarded text Date: Mon, 8 Mar 1999 07:32:26 -0500 To: [EMAIL PROTECTED], [EMAIL PROTECTED] From: Robert Hettinga [EMAIL PROTECTED] Subject: DCSB: Fred Hapgood; Product/Price Comparison in Digital Commerce Cc: Chris Wysopal [EMAIL PROTECTED], Ron Rivest [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Reply-To: Robert Hettinga [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- The Digital Commerce Society of Boston Presents Fred Hapgood Author, Analyst The Race to Get In-Between: The Struggle over Control of Product Comparison Presentation Information Tuesday, April 6th, 1999 12 - 2 PM The Downtown Harvard Club of Boston One Federal Street, Boston, MA Arguments can -- and will -- be made that, by the nature of the internet, ecommerce is likely to aggregate around vendors providing the most comprehensive and flexible tools for comparing the largest number of products. If this is right, several questions arise: Who is in the best competitive position: Distributors, who can use their market role to compel participation by vendors; portals, who start with traffic but who need the tools; or specialty catalogers, which have the tools but need the traffic? What is the most plausible business model for such a service? What sort of business, if any, might continue to be handled directly from the sites of individual manufacturers and merchants? Will the advantages accruing to the control of product comparison presentations endure or is this a passing phase? Might the vendors seize control back with a system of distributed agents? Among others. Fred Hapgood is a freelance writer, i.e., intellectual property provider and buzz vector, with a special interest in ecommerce. He has written for almost everyone at least once. http://www.pobox.com/~hapgood This meeting of the Digital Commerce Society of Boston will be held on Tuesday, April 6, 1999, from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, on One Federal Street. The price for lunch is $32.50. 
This price includes lunch, room rental, various A/V hardware, and the speakers' lunch. The Harvard Club *does* have dress code: jackets and ties for men (and no sneakers or jeans), and "appropriate business attire" (whatever that means), for women. Fair warning: since we purchase these luncheons in advance, we will be unable to refund the price of your lunch if the Club finds you in violation of the dress code.

We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, April 3rd, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston", in the amount of $32.50. Please include your e-mail address, so that we can send you a confirmation.

If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out.

Upcoming speakers for DCSB are:

May   Chris Wysopal   L0pht   Client Security
June  Ron Rivest      MIT     Deep Crack = MicroMint?
July  TBA

We are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, and you are a principal in digital commerce, and would like to make a presentation to the Society, please send e-mail to the DCSB Program Committee, care of Robert Hettinga, mailto: [EMAIL PROTECTED].

For more information about the Digital Commerce Society of Boston, send "info dcsb" in the body of a message to mailto: [EMAIL PROTECTED] . If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a message to mailto: [EMAIL PROTECTED] .

We look forward to seeing you there!
Cheers, Robert Hettinga Moderator, The Digital Commerce Society of Boston
FT Key Escrow 6 March
--- begin forwarded text From: Somebody To: "Robert Hettinga" [EMAIL PROTECTED] Subject: FT Key Escrow 6 March Date: Sat, 6 Mar 1999 12:38:13 - FT UK March 6 1999 INTERNET: Security proposal welcomed By Paul Taylor in London The UK government has backed away from an open confrontation with the information technology industry over demands that the security services be given access to encryption keys so that they can monitor internet-based electronic commerce messages. Its proposals were welcomed by Intel, the US chipmaker. Instead, the government says in its long-awaited proposals for electronic commerce legislation published yesterday, that it will seek ideas on how to meet the twin objectives of encouraging secure internet based "e-commerce" while protecting the interests of the law enforcement agencies. The government's change over key escrow and third party key recovery, which involves storing confidentiality keys and recovering encrypted data, was welcomed by the UK's Alliance for Electronic Business as well as Intel, one of the most vociferous opponents of key escrow. The government's proposals are set out in a consultation document published yesterday by Stephen Byers, the chief trade and industry minister and Jack Straw, the home secretary. They include plans to set up a voluntary licensing system for businesses providing electronic signatures, proposed changes to other laws needed to ease the growth of e-commerce, and establishing the liability of service providers. "The way we do business in the future is set to change dramatically," said Mr Byers, launching the consultation document. He said the proposed legislation would remove legal barriers to using electronic means in everyday dealings. The government had argued that access to key escrow and third party key recovery was needed to combat crime. Industry, led by IT companies, argued that making this a requirement under a licensing scheme would hinder the development of electronic commerce in Britain. 
Peter Agar, chairman of the AEB, said the plans recognised the "technical difficulties and potential damage to business competitiveness which such measures would cause". Keith Chapple, director of government affairs for Intel in Europe, said: "A requirement for licensing and offering encryption services could seriously hinder the development of electronic commerce in the UK." --- end forwarded text
Another great invention by Microsoft
--- begin forwarded text From: [EMAIL PROTECTED] Date: Wed, 24 Feb 1999 23:21:16 +0100 To: [EMAIL PROTECTED] Subject: Another great invention by Microsoft Sender: [EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe%20dbs Hi, Microsoft recently got their second patent on groundbreaking electronic money methods. It's good to see that there is so much good new work being done in the field! Regards, Stefan = US5872844: System and method for detecting fraudulent expenditure of transferable electronic assets Inventor(s): Yacobi; Yacov , Mercer Island, WA Applicant(s): Microsoft Corporation, Redmond, WA Issued/Filed Dates: Feb. 16, 1999 / Nov. 18, 1996 Abstract: An electronic asset system includes tamper-resistant electronic wallets that store transferable electronic assets. To break such tamper-resistant wallets, the criminal is expected to spend an initial investment to defeat the tamper-resistant protection. The electronic assets are issued by an institution to a wallet (anonymously or non-anonymously). During expenditure, the electronic assets are transferred from a payer wallet to a payee wallet. The payee wallets routinely submit the transferred assets for possible audit. A fraud detection system samples the assets submitted for audit to detect "bad" assets which have been used in a fraudulent manner. Upon detection, the fraud detection system identifies the electronic wallet that used the bad asset and marks it as a "bad wallet". The fraud detection system compiles a list of bad electronic wallets and distributes the list to warn other wallets of the bad electronic wallets. The list is relatively small since it only contains identities of certificates of bad wallets (and not bad coins) and the certificates have short expiration terms, and hence can be stored locally on each wallet. 
When a bad wallet next attempts to spend assets (whether fraudulently or not), the intended recipient will check the local hot list of bad wallets and refuse to transact business with the bad wallet. CLAIMS: I claim: 1. An electronic asset system comprising: a plurality of electronic wallets; a plurality of transferable electronic assets stored on the electronic wallets, the electronic assets being transferred from payer electronic wallets to payee electronic wallets during transactions; and a fraud detection system to sample a subset of the transferred electronic assets to detect bad assets that have been used in a fraudulent manner, the fraud detection system further identifying the payer electronic wallets that transferred the bad assets. [66 other inventive methods and apparatus omitted] --- end forwarded text
Re: bearer = anonymous = freedom to contract
--- begin forwarded text

Date: Mon, 15 Feb 1999 18:51:20 -0800
From: Wei Dai [EMAIL PROTECTED]
To: Robert Hettinga [EMAIL PROTECTED]
Cc: Adam Back [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: bearer = anonymous = freedom to contract
Sender: [EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe%20dbs

On Mon, Feb 15, 1999 at 08:03:57PM -0500, Robert Hettinga wrote:

Not true. I claim that the closer you get to a cheap, instantaneous, electronic, book-entry settled transaction over an insecure public internetwork, the closer you have to frontload the authorization, the "signature" of the intermediary in the transaction. In fact, that's the most important part of the transaction, the reputation of the transaction's guarantor. You end up with a cryptographic object whose only information component is the value of the asset and the guarantee of a financial intermediary. A digital bearer certificate, in other words.

Suppose you have a payment system that works like this: Bob wants to pay Alice $100, so he sends Alice a digitally signed check "Pay Alice $100 from my account at Bank B." Alice forwards this check to her bank, Bank A. Bank A immediately forwards the check to Bank B. Bank B checks it hasn't seen this check before and Bob has $100 in his account, then debits Bob's account by $100 and sends confirmation to Bank A. Bank A debits Bank B's account at Bank A by $100 and credits Alice's account by $100, then sends confirmation to Alice. (Or if Bank A trusts Bank B, instead of Bank A debiting Bank B's account, Bank B can credit Bank A's account at Bank B.)

In an appropriate jurisdiction (namely one that won't force the banks to reverse the payment for any reason) this system has instant settlement, but I think it would be rather confusing to call Bob's check a digital bearer document.

But to move away from terminology for a moment, if people really want instant settlement and don't care too much about privacy, is there any reason to expect that something like the above system won't be adopted (along with legal changes to allow for instant settlement) instead of a more privacy-friendly system like blinded ecash?

--- end forwarded text
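The check-clearing flow in the message above (Bob's check, Alice, Bank A, Bank B), as an added Python example that is not part of the original message. Assumptions: an HMAC key shared between Bob and Bank B stands in for Bob's digital signature, so only Bank B can verify a check; the `serial` field is one way for Bank B to recognise a check it has already seen; all class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def canonical(body):
    """Serialize the check body deterministically so both sides MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def write_check(key, payer, payee, amount):
    """Bob's side: 'Pay <payee> $<amount> from my account at Bank B', authenticated."""
    body = {"payer": payer, "payee": payee, "amount": amount,
            "serial": secrets.token_hex(16)}  # assumed: unique serial per check
    # HMAC is a stand-in for the digital signature in the message (assumption).
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class BankB:
    """Payer's bank: verifies the check, rejects replays, debits the payer."""

    def __init__(self):
        self.balances = {}   # account name -> balance in whole dollars
        self.keys = {}       # account name -> check-authentication key
        self.seen = set()    # serials of checks already cleared

    def open_account(self, owner, balance):
        self.balances[owner] = balance
        self.keys[owner] = secrets.token_bytes(32)
        return self.keys[owner]

    def clear(self, check):
        body = check.get("body")
        if not isinstance(body, dict):
            return "malformed"
        key = self.keys.get(body.get("payer"))
        if key is None:
            return "unknown payer"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(check.get("tag")).encode()):
            return "bad signature"
        amount, serial = body.get("amount"), body.get("serial")
        if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
            return "bad amount"
        if not isinstance(serial, str):
            return "malformed"
        if serial in self.seen:          # "hasn't seen this check before"
            return "duplicate"
        if self.balances[body["payer"]] < amount:
            return "insufficient funds"
        self.seen.add(serial)
        self.balances[body["payer"]] -= amount
        return "confirmed"


class BankA:
    """Payee's bank: holds customer accounts and Bank B's account at Bank A."""

    def __init__(self, bank_b, bank_b_balance):
        self.bank_b = bank_b
        self.bank_b_balance = bank_b_balance
        self.customers = {}

    def open_account(self, owner):
        self.customers[owner] = 0

    def deposit(self, depositor, check):
        body = check.get("body")
        if not isinstance(body, dict) or body.get("payee") != depositor:
            return "not payable to depositor"
        if depositor not in self.customers:
            return "unknown depositor"
        amount = body.get("amount")
        # Refuse before forwarding if Bank B's account here could not cover it.
        if not isinstance(amount, int) or amount > self.bank_b_balance:
            return "correspondent balance too low"
        status = self.bank_b.clear(check)   # forwarded immediately to Bank B
        if status != "confirmed":
            return status
        self.bank_b_balance -= amount       # debit Bank B's account at Bank A
        self.customers[depositor] += amount  # credit the payee
        return "confirmed"


if __name__ == "__main__":
    b = BankB()
    bob_key = b.open_account("Bob", 150)
    a = BankA(b, bank_b_balance=1000)
    a.open_account("Alice")
    chk = write_check(bob_key, "Bob", "Alice", 100)
    print(a.deposit("Alice", chk), a.deposit("Alice", chk))
```

Depositing the same check twice shows the replay check: the second attempt is rejected by Bank B and no balance changes.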
Re: Digital Bearer Documents -- an Oxymoron ??
ally, even if you were to "print" and reissue a new certificate, or coupon, for every transaction, you still have something in bearer form. The trustee doesn't know, or care who owns the asset, because the digital bearer certificate contains all the available information to execute, clear, and settle the transaction. Once you are maintaining databases keeping track of each digital document, it is not a big deal if you have one such database (for the issuer, as for digital coins), or a couple (one for signer and one for recipient, as for electronic checks). I think you're going to find that even this matters a lot, but I've already addressed this above. Interestingly, digital bearer certificates probably allow you to *scale* the problem to the net much cheaper by having many separate underwriters, distributing the calculation, storage, and, most important, financial risk of the market. Maybe that's not so much about transaction cost, or maybe it is, I don't know. Remember all those triangles in a geodesic dome distribute the load to the ground. The more triangles, the straighter the lines of force across the structure. In fact, that's what "geodesic", means, literally: the straightest line across a sphere. You can use the same analogy with transaction risk, if you think about it. (The biggest real savings may come from "probabilistic payments", as in my "Lottery Tickets as Micropayments" papers, because then most potential "payments" get tossed as non-winning by the recipient, so the database doesn't need to be consulted for each payment.) That's okay, Ron. You can ride your hobby-horse, as long as I get to ride mine. :-).
Frankly, I think that *holders*, and not issuers, are going to want to choose which certificate they redeem in a stochastic redemption off-line model, and to do that, the underwriter is going to have to stand ready to redeem *any* of them, like with Micromint, and not just one chosen by the issuer, like your "lottery" model, no matter how secure and fair the lottery is. We'll see. Perhaps I've missed something in Bob's long proselytizing I don't call it "Evangelism" for nothing, folks. It won't be science until we have data, but I think my hypotheses about all this stuff will prove out... on these matters, but I hope that others will find this note useful in trying to decipher his wheat from his chaff And here I thought that "chaffing and winnowing" involved no cryptography. :-). See you in Anguilla in a week, Ron. We'll haggle over a beer then, if you want. Cheers, Robert Hettinga, Philodox Financial Technology, yes, Evangelism
Later validation of Electronic Signatures
--- begin forwarded text

Date: Mon, 15 Feb 1999 15:21:57 +0100
Reply-To: Digital Signature discussion [EMAIL PROTECTED]
Sender: Digital Signature discussion [EMAIL PROTECTED]
From: Hans Nilsson [EMAIL PROTECTED]
Subject: Later validation of Electronic Signatures
To: [EMAIL PROTECTED]

The validation of Electronic Signatures poses several difficult and interesting problems, in particular when it is necessary to validate an Electronic signature for example 20 years later, when the signer key has been compromised and revoked, the CA keys have been compromised, the crypto algorithm or key length used at the signature time is no longer secure, and the hash function used at the signature time now exhibits message collisions.

The validation problem changes over the different time frames:

- near term, when all involved certificates are still valid and generally available,
- long term, when one or more of the involved certificates have expired,
- archival, when the initial cryptography used is no longer secure.

Another interesting point to consider is how it is possible to know and trust the signing time as indicated by the signer.

Denis Pinkas from Bull and I have written a "white paper" which deals with these kinds of situations and demonstrates the use of time-stamping. Hopefully this paper can serve as a tutorial to this difficult subject, but also as input for the discussion of a common validation model for electronic signatures. The paper can be found at the following addresses:

http://www.id2tech.com/news/pdf/ES_validation.pdf
http://www.openmaster.com/whitepapers/es_validation.pdf

Hope you enjoy it!

Hans Nilsson
iD2 Technologies
Stockholm SWEDEN
http://www.id2tech.com

--- end forwarded text
CyberPhone - A new kind of e-commerce catalyst
--- begin forwarded text

From: Anders Rundgren [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
MMDF-Warning: Parse error in original version of preceding line at one.eListX.com
Subject: CyberPhone - A new kind of e-commerce catalyst
Date: Sun, 7 Feb 1999 10:01:36 -
Sender: [EMAIL PROTECTED]
Source-Info: From (or Sender) name not authenticated.

Hi,

on the URL http://www.mobilephones-tng.com you will find a preliminary specification on a device that in addition to being a full-fledged mobile phone also does the following:

- Eliminates most types of smart cards
- Supports both OBI and SET
- Works over GSM, locally in a shop, or connected to PC

Regards
Anders Rundgren
Senior Internet e-commerce Architect
Jaybis AB

--- end forwarded text
How DigiCash Blew Everything
--- begin forwarded text

Date: Sun, 7 Feb 1999 13:18:55 -0400 (AST)
From: Ian Grigg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: "How DigiCash Blew Everything"
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]?subject=subscribe%20dbs

Editor's note. This was translated by some Dutch natives, and then edited by myself for style. It is only about half-way done, others might feel free to finish it or comment on the rough translation.

iang

=8===8===8===8===8===8===8===

How DigiCash blew everything

In September 1998 the high-tech company DigiCash finally went bankrupt. The office in Palo Alto, California remained open for a while but it was merely a stay of execution. Two months ago the company filed for Chapter 11.

Nobody realises, but with the "pending failure" of DigiCash, a bit of Dutch Glory died. The company made a brilliant product. Even Silicon Valley was jealous of the avant garde technology invented in the Amsterdam Science Park. Internet "guru" Nicholas Negroponte went so far as to call the electronic payment system, ecash, "The most exciting product I have seen in the past 20 years".

The rise and fall of DigiCash: a story about paranoia, idealism, amateurism and greed.

David Chaum

The name of one man stands out way above anyone else in the history of DigiCash: David Chaum, US citizen, born into a wealthy family, brilliant mathematician and one who had to always have things his own way (1). After travelling around the world he ended up in Amsterdam in the late 80's. Here, he became head of the cryptography department of the CWI (Centre of Mathematics and Information Science).

Cryptography is the science of encoding and decoding of data, in order to maintain privacy. Chaum had built a big reputation in this field in the previous few years. Insiders estimated he was in the top 5 of the world at the time. And at the CWI, they also worked on electronic payment systems.
In the early 90s, Rijkswaterstaat (2) became interested as they were thinking about introducing automatic toll-collection roads. Chaum got together a few researchers, mainly from earlier contacts with the university of Eindhoven. All guys who knew each other through a "young researchers" programme sponsored by Philips. They had all spent their youth programming behind a computer. Enthusiastically they started, and within little over a week the job was done.

DigiCash

Rijkswaterstaat was satisfied and the team got another assignment. That was the moment when Chaum heard the "sound of money." Why couldn't he turn the patents he claimed in the 80s into money? On April 20th 1990 the company DigiCash was founded.

Unfortunately Rijkswaterstaat decided to put the advanced system on the shelf and to continue with the old standby, number plate recognition. Chaum could have divested himself of the company and continued his work at the CWI, but he had apparently tasted the forbidden fruit of business. He decided to market his research other ways: smart cards, point-of-sale applications, cash registers and telebanking. Of course, he had to quit his job at the CWI because of the risk of conflict of interest.

Financing of the company was done privately by the American. Former DigiCash employees agree that Chaum and his family had at least contributed a few million. It all started out quite nicely. The new company sold a smart card for closed systems which was a cashcow for years.

It was at this time that the first irritants appeared. Even if you are a brilliant scientist, that doesn't mean you are a good manager. David Chaum was a control freak, someone who couldn't delegate anything to anyone else. "That resulted in slowing down research," explains an ex-DigiCash employee who wished to remain anonymous. "We had a lot of half-finished product. He always directed things the other way."
This drove a few people crazy and it didn't take long before the first resigned and started their own company. In 1992 Boudewijn de Kerf and Eduard de Jong quit the company and went to Silicon Valley where they invented and sold an operating system to Sun Microsystems for a substantial sum.

Ecash

Annoying as he was, David Chaum had brilliant ideas. In 1993 he invented the digital payment system ecash. According to insiders, it was a technically perfect product which made it possible to safely and anonymously pay over the Internet.

This was a field in which a lot of work needed to be done, according to the ever-paranoid cryptographers. They considered that to pay with your credit card was extremely insecure. Someone only had to intercept the number to be able to spend someone else's money. Credit cards are also very cumbersome for small payments. The transaction fees are simply too high. Ecash however was perfectly suited to sending electronic pennies and dimes over the Internet.

It was especially this idealism that prevented people from
Re: CDR: DigiGold
--- begin forwarded text

Date: Sat, 6 Feb 1999 10:51:39 -0400 (AST)
From: Ian Grigg [EMAIL PROTECTED]
To: [EMAIL PROTECTED], unlisted-recipients:;
Subject: Re: CDR: DigiGold
Cc: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

Robin Lee Powell said:

> I'd like to hear people's comments on this; I've seen it before (in a slightly different form, I think), and I think it's a good idea,

It depends which bit you are referring to. The PR is, um, oriented towards marketing needs, and doesn't give a good picture as to what is happening. I'll try and describe it here. This note is rather lengthy; it describes the structural details first, bottom up, then the cash details later.

The e-gold.com system is a fairly conventional accounting system that lives on an SSL webserver. The organisation provides metals-denominated accounts so that users can do transfers between each other on different metals. Primarily gold, but also silver, platinum and palladium.

For each gram of accounted gold available to users, called "e-gold," there is a gram of physical metal held somewhere. Most of the metal is held in Switzerland, in the vaults of a specialist metals warehouse operation. To get metal into the system, you either send them your metal, or send them cash, and they buy the metal for you. The converse also works, of course.

That's e-gold: fairly boring, in crypto terms, as it is just accounting protected by SSL, and not much more than the average banking site. That is of course precisely what you want for this sort of operation.

Now, on top of that, the DigiGold.net organisation (a related new group) are going to issue a digital currency. In governance terms this is very interesting, because in order to "back" the digital currency, DigiGold.net are going to maintain an account with e-gold.com, and both the digital currency server and the e-gold server will reveal some vital statistics concerning float and reserves.
This results in a three-tiered, auditable structure: gold at the bottom, e-gold as the available medium, and DigiGold as the digital currency. This might seem a round-about way of doing things, but it makes a lot of sense from the point of view of trying to build a structure that people can examine dynamically over the net, and develop long-term confidence in.

The digital currency, DigiGold, is done using the Ricardo system from Systemics. This design is fairly classical, as value systems go, with clients, a protocol and servers. Client is called WebFunds and is all-Java. Servers are half Java, half Perl.

The protocol, the more interesting part, is called SOX (for Systemics Open Transactions) and was designed and written by Gary Howland. It is a nymous transfer protocol, with three phases.

The first phase is called registration, with key exchange, time sync, and public key registration included. This phase sets up a secure communications method between the client and the server, with public key crypto negotiated into secret session keys, all protected by times for replay.

The second phase is the transfer between public keys. In the nymous concept, the public key is the identity, and the secret key gives access to the funds stored within.

The very important third phase is the mailbox. Simply put, the client gets mail from the server, and signs for it. This feature allows both reliability and simplicity throughout, as all transfers can be send-and-forget.

For each transfer, Ivan the Issuer creates two receipts, one each for Alice, the payee, and Bob, the payer. These are deposited in their respective mailboxes, and also *optionally* returned during the transfer phase.

In order to make the protocol work, Ivan is nasty towards the participants. He forces Alice to sign for her receipts, and refuses to reveal what is in an account.
In this way, Alice must store receipts reliably (tough in Java), and thus the system achieves a shared database - both Ivan and Alice hold exactly the same information. This is Nirvana for dispute resolution, but it is a bit tough on the programmers, who have to bear the brunt of customer anger.

> but I'm not convinced as to their crypto-savvy.

SOX, and Ricardo, is built on Cryptix - and to be historically accurate, Cryptix was originally written to support this exact application. When we had finally got it written and debugged, we felt that it would be too hard to maintain within a small company, so pushed it out as freeware. Cryptix now has a huge user base in Java crypto, whilst the Perl version never really took off (not because of its own lacking, just that there was never much interest).

On the biz side, the DigiGold people have asked for a demo and a talk about it at FC99.ai, which is an annual conference on this business - that which we call Financial Cryptography. Happening at a Caribbean Island near you, last week of February.

iang

Notes: DigiGold.net will issue DigiGold, and hold reserves in e-gold.
On the limits of steganography
http://www.cl.cam.ac.uk/~fapp2/papers/jsac98-limsteg/node1.html

Cheers,
Robert Hettinga
Damn Furriners :-)
I have an idea, it's a whopper, or at least I think it is at the moment :-), but I want to get some thoughts from people, first. I expect I'm tipping my hand, but I'm going to ask this question here on these lists, anyway.

So, folks... If you had a bunch of *American* cryptographic engineers in one place, people who wrote code for a paycheck, what could they do, sell, talk about, etc., that they couldn't or wouldn't do, legally or otherwise, with foreign nationals in the room?

Cheers,
Robert Hettinga
Re: Damn Furriners :-)
Funny, I didn't *send* that here... :-).

Cheers,
Robert Hettinga
Re: Damn Furriners :-)
At 8:35 PM -0500 on 1/24/99, Robert Hettinga wrote:

> Funny, I didn't *send* that here...

Heh... Well, actually, I did. Here. I mean. Somebody can shoot me now. :-).

Actually, somebody else sent the original off to cypherpunks under my name somehow, and I was replying to *that* message. Serves me right for not noticing that cypherpunks wasn't anywhere but in the sender header when I replied to it. Makes me wish I could decode received headers a little bit.

Anyway, I did, however, send the first message to *these* three lists, and in penance for the above rather contentless goof, (and since I haven't heard anything here yet :-)), I figured I'd expand things a little bit.

Now, I understand that Americans can't give code to foreigners :-) these days, and obviously they can't actually export it, by sending it out of the country, in electronic form. I remember in Anguilla last year, for example, I had to swear I was an American in order to get my Crypto IButton from the Java guy.

So, again, what I'm really interested in finding out is, if you had a group of American cryptographic engineers in the same room, is there anything you could do in that room that you couldn't do if there were any foreign nationals present?

Cheers,
Robert Hettinga
[RRE]Authenticity, Social Accountability and Trust
--- begin forwarded text

Date: Wed, 20 Jan 1999 14:36:42 -0800 (PST)
From: Phil Agre [EMAIL PROTECTED]
To: "Red Rock Eater News Service" [EMAIL PROTECTED]
Subject: [RRE]Authenticity, Social Accountability and Trust
Sender: [EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html or send a message to [EMAIL PROTECTED] with Subject: info rre
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Wed, 20 Jan 1999 17:33:08 -0500
From: Rob Kling [EMAIL PROTECTED]
Subject: CFP: Issues of Authenticity, Social Accountability and Trust

Special Issue of The Information Society

Issues of Authenticity, Social Accountability and Trust with Electronic Records

Edited by Wendy Duff

The Information Society (TIS) invites authors to submit papers for review on the topic of "Issues of Authenticity, Social Accountability and Trust with Electronic Records" for a special issue. Please respond to Prof. Wendy Duff at [EMAIL PROTECTED]

CALL FOR PAPERS

Organizations, both public and private, are becoming increasingly dependent upon the capture, exchange and use of records in electronic form. Electronic records are permeating all facets of our lives including health care, research and development, commerce, and scholarship. Although electronic records are becoming ubiquitous, their value as evidence of actions relies upon proving their integrity and trustworthiness. Reliable authentic records provide proof of what was promised and what took place.
They contain information essential for conducting business, for studying society and organizations, as well as holding agencies and governments to account. However, as records are transformed from a stable paper reality to an intangible electronic existence, the physical attributes which establish their authenticity and reliability are disappearing.

Electronic recordkeeping brings forth changes in organizational structures, processes and systems. The transformation of the context of records creation affects the interpretation of the event or act that created the record, what the record reflects, and what it purports to be. Technological innovation in record keeping brings with it a concomitant need to develop new methods and procedures for ensuring authenticity and trustworthiness in records.

Electronic records provide an opportunity and perspective for examining the issues of authenticity, social accountability and trust that affect all records. It is time to focus attention on these topics, to explore the implications of electronic records for society, and to investigate solutions to ensure the capture and preservation of authentic and trustworthy records in electronic form. This special issue of TIS hopes to further research and discussion on electronic records by publishing papers on the various aspects of this theme from diverse viewpoints.

Topics of interest include but are by no means limited to:

* the authenticity of records in an electronic environment
* records and process change
* trustworthiness in electronic commerce
* electronic patient record
* authenticity of electronic records and its effect on scholarly research
* ethnographic studies of electronic recordkeeping
* electronic records and the law
* electronic records and the government
* electronic records and accountability.

Papers that use either qualitative or quantitative research methods are welcome.
Papers from diverse research areas including archives, social science, legal research or computer science are encouraged. Although research articles and empirical studies will be favored, theoretical discussions that provide new insights or state of the art reviews that cover diverse disciplines will also be considered.

Authors are invited to nominate up to four reviewers who are knowledgeable about the topic (authors, however, should avoid any nominations that involve a conflict of interest). Nominations should include: name, complete address, telephone, fax, and electronic mail address.

FIVE COPIES OF THE PAPER PREPARED ACCORDING TO THE TIS GUIDELINES SHOULD BE SUBMITTED BY March 15, 1999. (See http://www.slis.indiana.edu/TIS/tisinst.html )

We encourage prospective authors to become familiar with TIS and to discuss possible articles with the Special Issue editor. Manuscript guidelines and a list of the titles and abstracts of articles published in TIS can be found on the journal's web site (http://www.slis.indiana.edu/TIS/) . Please
FBI secret police
--- begin forwarded text

Date: Thu, 18 Nov 1999 13:37:46 -0500
From: William Allen Simpson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: FBI secret police
Sender: [EMAIL PROTECTED]

As I prefer to give specific examples from life, rather than speculation, here's a long post that might give a hint as to why we do not trust our government agencies.

Jacob Palme wrote:

> This is also, perhaps, a difference of the view on law enforcement agencies. In the U.S. you seem to be much more afraid of misuse by law enforcement agencies, you do not seem to trust your police as much as we do in some other countries.

William Allen Simpson wrote:

> And just to top it off, I've been unable to get my own personal FBI records in 6 years. The law states they have 20 days. Their most recent excuse says they have to search over a million records.

Wonder of wonders, I just received a portion of my FBI Freedom of Information records yesterday.

Apparently, their very existence was classified "SECRET", by "G-3", and was supposed to be "declassified on: OADR". Any idea what that means?

However, most of the contents were still classified secret again by 60267NLS/BCE/JMS for reason 1.5(C), on May 25, 1999, to be declassified on "X.1".

So, virtually the entire documents are blacked out, labeled "b1". The included handy reference guide lists "(b)(1)" as:

"(A) specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy and (B) are in fact properly classified pursuant to such Executive order"

These records are from 1991, 1992, and 1993.

The "predication for this investigation" is secret. The "Basis of the Investigation" is secret. The "Objectives of the Investigation" are secret. The "Status of the Investigation" is secret.
Other smaller sections are blacked out with labels (b)(2):

"related solely to the internal personnel rules and practices of the agency"

and (b)(7)(D):

"could reasonably be expected to disclose the identity of a confidential source, including a State, local, or foreign agent or authority or any private institution which furnished information on a confidential basis, and, in the case of records or information compiled by a criminal law enforcement agency in the course of a criminal investigation, or by an agency conducting a lawful national security intelligence investigation, information furnished by confidential source"

It is particularly amusing that the latter is used to black out records of contact with my own parents (who refused to talk with them), copies of email that I sent, and my vehicle title (where I have the original copy). Somebody had a very heavy hand in the censorship.

(Also amusing, the FBI was still using all cap teletype in '92 :-)

What is less amusing is that the FBI spent over a year going to each place that I had email access and tried to convince them to revoke my access. They were successful in (at least) two places.

They interviewed at least 11 people out of their Albuquerque, Boston, Detroit, Minneapolis and San Francisco offices.

Apparently, they investigated my IETF activities at Santa Fe, San Diego, Boston and Washington DC. They quote the Santa Fe and San Diego proceedings. They direct agents to IETF meetings, "to ascertain if subject came to any notice at the PPPWG meetings." They make specific reference to CHAP and DES.

Various clear sentence fragments indicate a concern that the PPPWG meeting was taking place sponsored by Los Alamos, and that "these meetings attract interested persons worldwide."

Another fragment indicates a concern that my PPP software was distributed by servers at White Sands Missile Base and mirrored at various universities.
The most legible interview, still mostly blacked out, gives a hint as to the questions that were being raised:

black "black stated that he believes the PPP is legal technology. However, if the government is attempting to restrict the dissemination of authentication protocols, he believes it is too late. It is like locking the barn after the horse has escaped (per black).

black "In summary, black does not believe Simpson has engaged in breaking United States export laws regarding the export of cryptographic devices or is interested in violating such laws at the behest of a foreign power."

The name blacked out appears to occupy 3 letters. My thanks to Karl Fox or Craig Fox!

The instigator of the investigation appears to have a surname of 4 or maybe 5 letters. Thus, it is probably not "Atkinson". Perhaps it's the former IAB member that required the removal of the PPP LCP encryption option, refused to publish CHAP, and refused to grant the IPSec charter. When the NomCom replaced the IAB, he was first against the wall.

"Sources whose identities are concealed herein have furnished reliable information in the past
FW: Censored Australian crypto report liberated - vely interesting
--- begin forwarded text

Delivered-To: [EMAIL PROTECTED]
Date: Sat, 9 Jan 1999 13:08:21 -0600
Reply-To: Digital Signature discussion [EMAIL PROTECTED]
Sender: Digital Signature discussion [EMAIL PROTECTED]
From: Richard Hornbeck [EMAIL PROTECTED]
Subject: FW: Censored Australian crypto report liberated - vely interesting
To: [EMAIL PROTECTED]

Another one from over the transom. Some of the more interesting 'unredacted' comments from this document, which is described in greater detail below, include:

===

1.2.52 The models of 'Commercial Key Escrow' and 'Trusted Third Party' systems variously proposed by the United States and Britain contain some (inevitable?) design flaws which will leave subjects of law enforcement and national security investigations outside their arrangements. The market may well identify, for normal commercial reasons, the need for trusted third party services in Australia. (paragraphs 4.5.4-11; 4.7.1-6 refer)

===

Nothing really new or unexpected in the passage above.

===

3.2.9 Despite an understandable concern at what might be, the indications are that the current United States experience is not significantly different to Australia's - a small proportionate incidence of personal computers and associated digital storage utilising encryption or password protection but the trend line moving upward in only a slight way from a low base. The encryption involved ranging from the relatively unsophisticated through to DES.

===

Interesting, considering one of the FBI's strongest arguments for export controls was the increase in encrypted stored data. At least 'unredacted' portions of the document acknowledge the minimal positive results that export control is having.

Lots more where that came from!
Richard Hornbeck
[EMAIL PROTECTED]
www.primenet.com/~hornbeck

-Original Message-
From: Greg Taylor [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 09, 1999 3:12 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Censored Australian crypto report liberated

EFA has obtained access to an uncensored copy of the "Review of Policy relating to Encryption Technologies" (the Walsh Report) and this has now been released online at:

http://www.efa.org.au/Issues/Crypto/Walsh/index.htm

The originally censored parts are highlighted in red.

The story behind this is a rather comical example of bureaucratic incompetence. Revisiting a little history, the report was prepared in late 1996 by Gerard Walsh, former deputy director of the Australian Security Intelligence Organisation (ASIO). The report had been commissioned by the Attorney-General's Department in an attempt to open up the cryptography debate in Australia. It was intended to be released publicly and was sent to the government printer early in 1997. However, distribution was stopped, allegedly at a very high (i.e. political) level.

EFA got wind of this and applied for its release under FOI in March 1997. This was rejected for law enforcement, public safety and national security reasons. We persisted, and eventually obtained a censored copy in June 1997, with the allegedly sensitive portions whited out. The report was released on the EFA website, and in the subsequent media coverage the department claimed that the report was never intended to be made public, a claim that is clearly at odds with Gerard Walsh's understanding of the objectives, as is obvious from his foreword to the report.

It has now come to light that the Australian Government Publishing Service, which printed the report, lodged "deposit copies" with certain major libraries. This is a standard practice with all Australian government reports that are intended for public distribution.
The Walsh Report is quite possibly the first instance where a report was withdrawn after printing but before any public release. It is believed that the Attorney-General's department was unaware that not all copies had been returned to them. To this day, the report remains officially unreleased, except for the censored FOI version. Interestingly, several Australian government sites now link to the report on the EFA website.

Quite possibly, this situation would have remained unchanged, except for an alert university student who recently stumbled across an unexpurgated copy of the report, gathering dust in the State Library in Hobart. The uncensored version has now replaced the censored report at the original URL.

The irony of this tale is that the allegedly sensitive parts of the report, which were meant to be hidden from public gaze, are now dramatically highlighted. The censored sections provide a unique insight into the bureaucratic and political paranoia about cryptography, such that censorship was deemed to be an appropriate response.

The official case for strict crypto controls is now greatly weakened, because much of the censored material consists of unpalatable truths that the administration would prefer to be
Re: Ruthless.com
-BEGIN PGP SIGNED MESSAGE- At 7:11 AM -0500 on 1/5/99, Steve Mynott wrote: He's the sales blurb for Tom Clancy's new book: Ruthless.com A new novel from one of the bestselling authors in the world, Ruthless.com is a potent blend of international power politics, intrigue, and cutting-edge military high-tech. When the President of the USA bows to commercial pressure to deregulate computer encryption code, he paves the way for potential disaster as terrorists have possible access to the national defence computers and the security of the country is seriously undermined. Sure enough, an armed nuclear submarine becomes the target of a powerful terrorist group who plan to hijack it and demand the largest ransom in history. Roger Gordian, CEO of America's largest computer company, understands the danger and has the resources to act against them before it's too late. Lucky me, my brother-in-law the Harley dealer (and former nationally-honored high school principal :-o) sent this thing to me for Christmas. He must have been pulling my leg, as you'll see in a bit. Haven't read this book yet, though I expect it, even Clancy-sponsored (Coverblurbage: "New York Times #1 Best Selling Series; Tom Clancy's Power Plays; Created by Tom Clancy and Martin Greenburg"), or, come to think of it these days, because it *is* so, to be on the same order of the movie "Murcury Rising", i.e., not really about crypto, and more about FUD. - From the back cover of my copy: "August, 2000. The new millenium has brought a new kind of terrorism... noir-score: "Dah-dah-du" :-) Encryption technology keeps the codes for the world's security and communication systems top secret. The profit potential is huge -- but deregulating this state-of-the-art technology for rexport could put a back-door key in the front pocket of spies and terrorists around the world. 
And when American business man Roger Gordian refuses to sell his sophisticated encryption to foriegn companies, he suddenly finds his company the object of a corporate takeover 00 and to say it's hostile doesn't even come close. Gordian is the only man who stands between the nation's military software and a powerful circle of drug lords and political extremists who want to put Roger Gordian -- and the leadership of the free world -- out of business for good... ruthless.com is a novel based on the Red Storm Entertainment computer game." With a back cover like that, it'll probably be a jingo-statist diatribe and Clipper apologia good enough to make even Dorothy Denning blow coffee out her nose, laughing so hard... I'm trying to figure out if I should hold my own nose, read the damn thing, and do a book-review. Maybe I should do it only if I get paid to do so. :-). I mean, I couldn't get through the last Clancy book I got, the one about the weevil Jap badguy who crashed the entire American capital market, using a single tape-drive, all while co-opting what marginally passes for a Japanese space effort to lob a missle at us. So, I'm not sure I can do it this time, either. The reason I think the gift was humorous was that my brother-in-law also sent me Paul Erdman's "The Set-Up", about a framed Fed chairman on the run. (:-o)^2 Erdman also wrote "The Crash of '79", which I actually read, in 11th grade or so, the "Panic of '89", and other precient masterpieces in that vein. Maybe Declan McCullough and Tim May could help him write "The Infocalypse of '00", or something. Cryptography and programmers and bankers, oh, my... 
Cheers, Robert Hettinga - Robert A. Hettinga mailto: [EMAIL PROTECTED] Philodox Financial Technology Evangelism http://www.philodox.com/ 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Aaron Speaks? [RRE]Conference on HR Data and the EU Privacy Directive
Is there anyone here who wants to pay to endure a probably deathly dull suit-conference :-), to ask David Aaron, the Clinton administration's Official Ambassador Against Cryptography [invited] ;-), a few rather pointed questions? (Okay, if Swire's there, it's probably not going to be *completely* boring...) By the way, DCSB is going to have a talk on these EU privacy regulations, and their implications to issues much broader than just human resources, at our February 2nd meeting. The speaker will be Roland Mueller from Secunet, who, before Secunet, was responsible for Daimler-Benz's privacy and security policy. Cheers, Robert Hettinga, Moderator, The Digital Commerce Society of Boston --- begin forwarded text Date: Sun, 3 Jan 1999 03:04:34 -0800 (PST) From: Phil Agre [EMAIL PROTECTED] To: "Red Rock Eater News Service" [EMAIL PROTECTED] Subject: [RRE]Conference on HR Data and the EU Privacy Directive Sender: [EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html or send a message to [EMAIL PROTECTED] with Subject: info rre =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Sat, 2 Jan 1999 16:45:32 -0500 From: [EMAIL PROTECTED] Subject: Conference on HR Data and the EU Privacy Directive [...] 
* * * * * "HR Data and the European Privacy Directive: Meeting the Challenge in Global Organizations" January 21-22, 1999 Teaneck, NJ For global organizations with employees or business partners in Europe, few developments in recent years have more impact on human resource management than the European Union Privacy Directive, which went into effect on October 25, 1998. The new law, prohibiting the transfer of personal information to countries such as the U.S. or organizations that do not ensure "adequate protection" of personal data, presents major challenges to companies not in compliance, including potential disruptions in transborder data flows of human resource information, privacy-based litigation and adverse public relations. To address the issues and challenges surrounding the Directive, the Privacy Committee of IHRIM (the International Association for Human Resource Information Management) and Privacy American Business are presenting a first-ever comprehensive and authoritative conference, "HR Data and the European Privacy Directive: Meeting the Challenge in Global Organizations," on January 21-22, 1999 at the Glenpointe Marriott Hotel in Teaneck, NJ. Major sponsors of the conference are PeopleSoft and SAP; HRIMS, The Hunter Group and J.D. Edwards are supporting sponsors. This conference will be the premier educational event designed to help HR/HRIS executives and practitioners understand and explore the challenges posed by the Directive, with a focus upon what will be needed to ensure the movement of employee data out of Europe in the months and years ahead. Senior government officials from the EU, the U.S. and Canada will participate, along with privacy experts and policymakers, legal authorities on the directive and its implications for HR, companies and consultants leading the way in addressing compliance requirements, and vendors providing technological support for privacy protection. 
THURSDAY, JANUARY 21 - DAY ONE OF THE CONFERENCE 8:30 am Registration and Continental Breakfast 9:00 am Chairman's Welcome, Donald Harris, Chair, IHRIM's Committee on Information Use and Protection I. The EU Privacy Directive: Significance and Challenge for HR a. "The Globalization of Data Protection: Implications for HR Information Systems" Alan Westin, Publisher, Privacy and American Business b. "Setting the Bar: Key Requirements of the Directive Impacting Human Resource Management" Scott Blackmer, Partner, Wilmer, Cutler and Pickering c. "The Directive Arrives: Risks and Dangers for HR and HRIS" Peter Swire, Professor, Ohio State School of Law d. "Update on U.S.-EU Discussions and Early Experiences Moving HR Data Under the Directive" e. "From Standards Into Law: How Canada is Developing National Privacy Legislation" Michelle d'Auray, Executive Director, Government of Canada's Task Force on Electronic Commerce 12:30 pm - Keynote Luncheon Presentation: "The View From the European Commission" Gerard de Graaf, First Secretary, Washington Delegation, the European Commission II. Strategies and Requirements for Compliance a. "The Role of Employee Consent in
[Zero-Knowledge Press Release] Experts to Call for Rejection of Internet Wiretap Plan
--- begin forwarded text From: Dov Smith [EMAIL PROTECTED] To: ZKS Press Releases [EMAIL PROTECTED] Subject: [Zero-Knowledge Press Release] Experts to Call for Rejection of Internet Wiretap Plan Date: Fri, 5 Nov 1999 13:19:59 -0500 Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] == Zero-Knowledge Systems Press Release, http://www.zeroknowledge.com == MEDIA ADVISORY EXPERTS TO CALL FOR REJECTION OF INTERNET WIRETAP PLAN WHAT: Internet privacy company Zero-Knowledge Systems, in conjunction with leading members of the privacy, cryptography, legal and business communities, will present an Open Letter to members of the Internet Engineering Task Force, urging them not to adopt protocols that will facilitate eavesdropping on the Internet. The Open Letter will be presented as the IETF membership prepares to debate whether to "develop new protocols or modify existing protocols to support mechanisms whose primary purpose is to support wiretapping or other law enforcement activities." The Open Letter presentation will immediately follow the Junkbusters Privacy in Commerce Awards, which spotlight the good, the bad and the ugly about privacy and businesses. Earlier in the day, Zero-Knowledge Systems president Austin Hill will participate in the FTC/Commerce Dept. Public Workshop on Online Profiling. WHEN: Monday, November 8th, 1999. Reception begins 5:00 PM, events begin 5:30 PM sharp. WHERE: The Holeman Lounge National Press Club 529 14th St. NW, 13th Floor Washington, DC 20045 For more information or to speak with Austin Hill, please contact: Dov Smith Director of Public Relations 514.287.7447 x 248 [EMAIL PROTECTED] http://www.zeroknowledge.com or Kristy Jarosh Weber Group Public Relations 415.616.6037 [EMAIL PROTECTED] # # # ___ Dov Smith, Director of Public Relations Zero-Knowledge Systems Inc. 
-- "Nothing Personal" T: 514.287.7447 x 248 E: mailto:[EMAIL PROTECTED] F: 514.287.0967 W: http://www.zeroknowledge.com Press Room: http://www.zeroknowledge.com/pressroom ___ --- end forwarded text - Robert A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Fwd: Digital Cash Pioneer Promoting Universal Card Payments System
--- begin forwarded text Date: Wed, 03 Nov 1999 13:20:58 -0800 To: [EMAIL PROTECTED] From: Steve Schear [EMAIL PROTECTED] Subject: Fwd: "Digital Cash Pioneer Promoting Universal Card Payments System" Sender: [EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Friday, October 29, 1999 Digital Cash Pioneer Promoting Universal Card Payments System By Jeffrey Kutler David Chaum, who gained fame as the inventor of a digital cash system for the Internet, is taking up the cause of credit cards. Not content to wait for electronic wallet technology to be perfected, Mr. Chaum is proposing a way for any cardholder to pay any merchant anywhere on the World Wide Web without having to worry about software compatibility. In keeping with Mr. Chaum's renown as a cryptologist and advocate of privacy, he says his method is replete with security measures and anonymity options on multiple levels. Given that he wants to stimulate credit card usage and perhaps enter into cooperative relationships with banks, Mr. Chaum said he is optimistic that his system will catch on in ways that the technically elegant but commercially premature E-cash system, which brought him notoriety earlier in the decade, did not. Mr. Chaum said he learned from his struggles after founding now-defunct Digicash Inc. nine years ago that "it's all about deployment and adoption." His patented E-cash could have been accessible at virtually any personal computer, but it was useless without merchant acceptance. "My view is, you have to get to all merchants," Mr. Chaum said in an interview. "The only definition of money is ubiquity," and he said the virtual wallet proposals from computer and software vendors fall far short of that. He would create ubiquity for secure credit card transactions by serving as a trusted intermediary between buyers and sellers. 
A consumer who might be hesitant to "pull the trigger" on an on-line purchase -- a common outcome even at reputable "e-tailing" sites because of security and privacy fears -- could go to Mr. Chaum's Web site for peace of mind. His system would not just authorize or verify the cardholder. It would generate a one-time card number, using the standard 16-digit format, specifically for that transaction. Even if it were compromised -- which Mr. Chaum said is next to impossible because of a multiple-computer configuration with requisite cryptographic safeguards -- the card number's uniqueness would stifle any attempt at illicit use or re-use. More to the point of what he is trying to accomplish, the account number would be transferred with relative ease to the merchant's order form, regardless of the technology employed. Both sides in the transaction are assured of the payment's validity, even if the cardholder is a stickler for privacy, is buying a digital commodity such as software, and does not want to provide a mailing address to the seller. Mr. Chaum hinted that he is shopping his brainchild around to banks and other companies, but he would not be specific about any progress he is making. He said the revenue -- or revenue-sharing -- propositions could vary according to desired business model or "scenario." Fees could be collect --- end forwarded text
DCSB Call for Speakers
--- begin forwarded text Date: Thu, 31 Dec 1998 09:51:21 -0500 To: [EMAIL PROTECTED], [EMAIL PROTECTED] From: Robert Hettinga [EMAIL PROTECTED] Subject: DCSB Call for Speakers Sender: [EMAIL PROTECTED] Reply-To: Robert Hettinga [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- The Program Committee of the Digital Commerce Society invites any member of the dcsb mailing lists to submit their proposal for a luncheon talk to the Society. Speakers can be any *principal* in any field of digital commerce. That means anyone who is doing interesting research or development in, or who is making significant market innovation in, the technology, finance, economics, law, or policy of commerce on the global public internetwork. The Committee tends to consider the person giving the talk first, and then gives the speaker lots of discretion in the content of their talk -- as long as it pertains to DCSB's charter to promote innovation in internet commerce. The Society's meetings are held on the first Tuesday of the month at the Downtown Branch of the Harvard Club of Boston, One Federal Street, Thirty-Eighth Floor, in Boston, from 12 to 2 in the afternoon. Unfortunately, the Society can not remunerate a speaker for any fees or expenses other than, obviously, the speaker's lunch, and basic overhead projection equipment. There is dial-up internet access for the meeting room. If you, or anyone you know, are interested in speaking to the society, please send, via email, a proposal, consisting of a single paragraph on the speaker, and a single paragraph on the proposed talk, to Robert Hettinga mailto: [EMAIL PROTECTED], the chairman of the DCSB Program Committee, and the Society's Moderator. A list of previous speakers can be obtained with the following URL mailto:[EMAIL PROTECTED]?body=info%20dcsb, or, if your mailreader/browser doesn't support mailtos, send info dcsb in the *body* of a message to [EMAIL PROTECTED] . 
Thank you for considering DCSB in your speaking plans, and, if you have any questions on your submission, please contact me directly. Cordially, Robert A. Hettinga Moderator and Program Committee Chair, The Digital Commerce Society of Boston - Robert A. Hettinga mailto: [EMAIL PROTECTED] Philodox Financial Technology Evangelism http://www.philodox.com/ 44 Farquhar Street, Boston, MA 02131 USA "The direct use of physical force is so poor a solution to the problem of limited resources that it is commonly employed only by small children and great nations." -- David Friedman, _The_Machinery_of_Freedom_ For help on using this list (especially unsubscribing), send a message to "[EMAIL PROTECTED]" with one line of text: "help". --- end forwarded text
Re: Global Strike to protest Wassenaar
At 9:05 AM -0500 on 12/10/98, Ken Williams wrote: "Strike to protest Wassenaar!" URL: http://www.zanshin.com/~bobg/ "This is a global call for computer professionals to strike on Monday, 14 December, 1998 to protest the signing of the Wassenaar Arrangement, an international treaty that imposes new restrictions on cryptographic software technology. Now, *this* is interesting... Anyone actually contemplating doing this? I mean, we could *all* stand to do a little extra (meatspace) Christmas shopping on Monday, right? (Then, I guess, we could all do our cypherspace Christmas shopping on *Tuesday*, just to drive the point home, stick-and-carrot-wise...) Cheers, Robert Hettinga
NEWS: UMass, IBM helping bid for consensus on info payments
--- begin forwarded text X-Authentication-Warning: rmc1.crocker.com: newshare owned process doing -bs Date: Tue, 24 Nov 1998 13:26:29 -0500 (EST) From: IIPC Webmaster [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] To: IIPC Update [EMAIL PROTECTED] Subject: NEWS: UMass, IBM helping bid for consensus on info payments MIME-Version: 1.0 Status: U _ UNIVERSITY OF MASSACHUSETTS LAUNCHES MULTI-DISCIPLINE E-COMMERCE CENTER; IBM PROVIDES TECH SUPPORT; INFO PAYMENT TRIALS TO INVOLVE CLICKSHARE, OTHERS; ROUNDTABLE SUMMIT CONFERENCE PLANNED FOR FEB. 28-MARCH 2 AMHERST, Mass., Nov. 24, 1998 -- A pioneering effort to help build industry consensus around new ways to charge for digital information delivery was announced Tuesday by University of Massachusetts researchers. The Internet Information Payments Collaborative (IIPC.NET) is part of a broader electronic-commerce research center formed by computer science, business and economics faculty, researchers say. "Internet development is a group effort, and we think public-private collaboration among academic and business researchers is to everyone's advantage," says Dr. Leslie D. Ball, a professor at the Isenberg School of Management who is co-directing both initiatives. The info-payments effort is the first of a broader research initiative at UMass called the Interdisciplinary Center for Electronic Commerce (ICEC). International Business Machines Corp. has contributed "significant hardware and software resources" to the ICEC, Ball added. "Publishers are confused by the array of unproved options for managing and selling information on the Internet," says Stephen C. Mott, IIPC's other co-director. "We provide a way to pool research-and-development around finding a common infrastructure for on-demand purchase of digital information, including words, sounds and pictures." The payments collaborative plans a summit conference Feb. 28-March 2. (See: www.iipc.net/conference/). 
It will also study and market-test information-payment technologies, including one offered by a Massachusetts-based startup, Clickshare Service Corp., which is an IIPC technology collaborator. Both Mott and Ball said they saw the need for the IIPC emerging from the failure of several pioneering information-payment protocols to gain a critical-mass of commercial adoption. They said it is clear the market for information sales needs a forum for developing consensus on an operating structure. The network operating structure needs to support competitive yet interoperable marketing and pricing beyond subscriptions and advertising sales, they added. Ball says the collaborative plans an initial budget of $400,000 derived from a three-tiered corporate sponsorship structure. It will assess after a nine-month research-and-trial program whether to disband, continue or merge with an existing standards body. Ball joined UMass in September after more than a decade with Computer Sciences Corp., most recently running a multi-million dollar practice group within the El Segundo, Calif.-based information-technology consultant. Mott is a consultant and former senior vice president for electronic commerce with MasterCard International Corp. who preceded his business career with a stint in journalism at Dallas and Washington, D.C. dailies. He is also a director of Clickshare. Clickshare has provided initial resources to help establish the IIPC but the company will not control IIPC's research or recommendations, and relationships with other technology partners are likely, said Ball. He said publishers, banks, telcos and ISPs are among potential sponsors expressing interest in joining the collaborative. An established, not-for-profit technology-transfer organization chartered and controlled by UMass faculty will manage IIPC's technical work at the direction of IIPC's member steering committee. The Applied Computing Systems Institute of Massachusetts Inc. 
(ACSIOM), is based adjacent to the Amherst campus. -- 30 -- FOR MORE INFORMATION CONTACT: Dr. Leslie Ball, Room 202-D, Isenberg School of Management, University of Massachusetts-Amherst, Amherst, MA 01003, 413-545-5654, [[EMAIL PROTECTED]]; or Stephen C. Mott, CSI Management Services Inc., 203-968-1967; [[EMAIL PROTECTED]] _ The Internet Information Payments Collaborative c/o The Applied Computing Systems Institute of Massachusetts Inc. Massachusetts Venture Center 100 Venture Way Hadley MA 01035 (413) 587-2180 [EMAIL PROTECTED] --- end forwarded text
FC: More on Network Associates and its crypto-politics
--- begin forwarded text X-Sender: [EMAIL PROTECTED] Date: Tue, 17 Nov 1998 17:44:01 -0500 To: [EMAIL PROTECTED] From: Declan McCullagh [EMAIL PROTECTED] Subject: FC: More on Network Associates and its crypto-politics Mime-Version: 1.0 Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Loop: [EMAIL PROTECTED] X-URL: Politech is at http://www.well.com/~declan/politech/ Cabe Franklin [EMAIL PROTECTED] forwards this statement from Wes Wasson, director of marketing for Network Associates' security division: "NAI officially withdrew from the Key Recovery Alliance in late 1997. In May of 1998, NAI acquired Trusted Information Systems, which had been an active member of the KRA. NAI subsequently relinquished the leadership role TIS had taken in the organization. NAI Labs' TIS Advanced Research Division continues to monitor the KRA's activities from a technical perspective, but Network Associates in no way advocates mandatory key recovery." - Cabe Franklin (NAI PR) 415-975-2223 TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt -Declan -- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to [EMAIL PROTECTED] with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ -- --- end forwarded text
ABA Call for Participation- Electronic Commerce Projects
--- begin forwarded text X-Sender: [EMAIL PROTECTED] Date: Tue, 17 Nov 1998 08:34:01 -0500 To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Effross Walter) Subject: ABA Call for Participation- Electronic Commerce Projects Mime-Version: 1.0 [This message is also available at http://www.abanet.org/buslaw/cyber/workgroup.html Apologies for cross-postings.] The American Bar Association's Subcommittee on Electronic Commerce invites lawyers, law professors, and law students to participate in its existing projects (described below) and to suggest new issues for its Working Groups to address. The next meeting will be held in Atlanta, Georgia on Friday-Saturday, January 15-16, 1999. Because much of the Subcommittee's activity is conducted "virtually" through e-mail, Web sites, and teleconference calls, active contribution does not require regular attendance at ABA meetings. In short, the Subcommittee offers the opportunity to become involved, to the degree that you wish to contribute and without necessarily leaving your office, in shaping the most complex and rapidly-developing areas of today's commercial law. All members of the Subcommittee must be members of the American Bar Association, its Business Law Section, and the Section's Committee on Cyberspace Law. For information on joining (reduced rates are available for government lawyers and for law students), call (312) 988-5522, e-mail [EMAIL PROTECTED], or visit: http://www.abanet.org/members/home.html. 
The home page of the Committee on Cyberspace Law is: http://www.abanet.org/buslaw/cyber/home.html Walter Effross, Subcommittee Chair Associate Professor, Washington College of Law American University [EMAIL PROTECTED] (202) 274-4210 Working Group on Consumer Protection [new] At its first meeting, the Working Group intends to examine the current projects of the Committee as well as relevant activities of other organizations, in order to determine the issues on which the Working Group should focus its attention. 
The Working Group will assess the expertise of its members, the projects that will have the greatest impact upon consumers and the ways in which the Working Group may most effectively proceed. Among the projects the Working Group will consider are developing a Model Privacy Policy for Web sites and conducting a review of ongoing projects to determine whether they take consumer needs into account. Examples of projects that may be considered are the Model Law on Money Transmitters and EFT, the Uniform Electronic Transactions Act, and the Model Home Banking Agreement. Chairs: Professor Jean Braucher, [EMAIL PROTECTED] Professor Mark Budnitz, [EMAIL PROTECTED] Working Group on Electronic Commercial Practices The Working Group will be establishing on a special page of the ABA's Web site, and ultimately publishing, a collection of contract clauses that are designed to address issues that span a wide variety of electronic commerce contracts. These clauses will be grouped by topic; within each topic, the relative advantages and disadvantages of alternative provisions will be evaluated. The initial set of topics includes: (1) provisions for electronic signature of contracts themselves and for documents to be executed within the scope of the contract; (2) provisions concerning the identification of the capacity in which the "electronic signer" executes a document, for purposes of binding the signer personally and/or the signer's principal; (3) provisions for the "electronic execution" of an agreement in counterparts (for example, by each recipient's electronic signature and return of one electronic copy); (4) provisions for notice by electronic mail; (5) the scope and effect of "entire agreement" provisions in the context of electronic mail or Web pages; and (6) provisions that allow modification only by the electronic equivalent of "a written instrument signed by each of the parties hereto." 
Chairs: Professor Christina Kunz, [EMAIL PROTECTED] Professor Jane Kaufman Winn, [EMAIL PROTECTED] Working Group on Electronic Evidence The Working Group on Electronic Evidence will be initiating a project to create an ABA publication on Electronic Business Records as Evidence in Commercial Litigation. The publication will include checklists, forms, and recommendations for businesses on generating, storing, purging, and retrieving electronic records such as e-mail; framing effective discovery requests for electronic business records, and responding accurately to such requests; establishing or disputing the admissibility of electronic business records; and maintaining the attorney-client privilege with respect to electronic business records. Chairs: Rae Cogar,
Plug: Check out wasp.org...
http://www.wasp.org/ is a site which belongs to WASP's author, and DBS and DCSB member, Steven Smith. When it's finished, the current version is about 70%-there alpha, WASP will be an open source web application delivery platform written in JAVA for XML/HTML. Steve and I were talking about using WASP for digital commerce, financial cryptography, and dbts applications Friday night, at Anthony's Pier 4, during the Constitution Yacht Club awards banquet. (Naw, not *that* kind of yacht club. CYC, while I'm plugging things, and for those of you who sail in Boston, charges all of $75/yr, and it mostly does very friendly, but hotly contested :-) 'round-the-buoy races and cookouts, all out of a one-room prefab houseboat clubhouse tied up at the Constitution Marina on Boston Harbor in Charlestown. Steve graciously answered a cattlecall on the DCSB list for crew this summer, and now does foredeck on Corisan, the 1968 Columbia 38-footer a bunch of us old farts race on every Thursday night, when it's warm enough to, anyway.) So, seeing that WASP is still being built, and Steve is crypto-clueful, I thought I'd spam the crypto community (and a few others :-)) about WASP so that Steve could get some comments on what he has now, and requests for new stuff he can add to WASP. And, of course, since it's open source, to solicit WASP additions, if WASP indeed doesn't suck, both crypto and otherwise, from other clueful people both inside the country and otherwise. :-). The following is from Steve's FAQ on WASP, sans links, so it might read strangely here in text. Cheers, Bob Hettinga 1. What is the WASP? The WASP is an OpenSourceTM platform (library) for developing complex web applications. It is written in Java and runs under any system which will support the Java Servlet API. (eg. Sun's JavaWebServer, Apache (via Live Software's JRun), NetScape, IIS and others.) The current version is: 0.7a. Download it now. I think this is 70% to a 1.0 release. 
0.8a will be out by 11/16 and will include the DataAccessObject (org.wasp.data.*). 2. How does the WASP work? The WASP parses .wasp files which consist of standard HTML and some additional XML tags that are used to control the behavior of the WASP. All .wasp files should be consistent with XML syntax. The WASP allows you to add new tags and functionality easily. The default set of tags provide standard script features, including: variable substitution, conditional processing, looping, dynamic SQL queries (for prototyping only), interfaces to Data Access Objects, etc. Session management is provided by the underlying Servlet API and WASP applications have access to request, session, and global namespaces. See the Javadoc. 3. Who can use the WASP? Anyone can use it for Free! Better yet, you can download the source. The WASP is released under the Library General Public License (LGPL), so if you make any improvements to the WASP, the results must be free as well. WARNING: This software is still alpha stage. It works, but there are no Makefiles or INSTALL instructions yet. You're on your own. An example .wasp page will be posted soon. 4. Why would I want to use the WASP? That is probably the subject for an entire whitepaper which I don't have time to write. I wrote this software because all the methods I have found for developing web applications suck in some way or other. Even monumental OpenSource treasures like Apache and Perl leave something to be desired when considering a complex application. Before I go trashing everyone else's stuff though, let me tell you why The WASP doesn't suck: It is easily extended so you can make it do whatever you want. It is written in Java so you can use any server OS or Database. It separates HTML from SQL and Java application logic, thereby allowing designers to design and programmers to program. It is fast and scaleable. It will run well enough on your hopped up 486 linux box and it will scream on your 10 CPU Sparc Mega Server. 
If you run NT, I'm sure it'll work there too. (Shame on you for wasting good hardware!) It encourages the development of reusable business objects. It can talk to dynamic data sources/services that are not SQL-Based! (Important for complex distributed object applications.) It is OpenSource, so when you run into a bug, you can fix it! It is comprehendable by any experienced object programmer. (Only ~3000 lines of code) It is Free! 5. What's wrong with the other stuff? The other standard methods for developing web apps all suffer from one or more of the following: They involve editing single files containing 5 or more programming languages, all with different syntax, and which execute in 5 different places at 5 different times. They require you to surf the tech-support websites of your tools vendors hoping for clues to some bug. They yield unmaintainable / throwaway solutions. They tie you to a single vendor's hardware, operating system, or database. They force you to use
FW: Pitney Bowes Taps Cybercash for Electronic Payments
--- begin forwarded text

From: Somebody
To: [EMAIL PROTECTED]
Subject: FW: Pitney Bowes Taps Cybercash for Electronic Payments
Date: Thu, 12 Nov 1998 10:59:50 -0500

forward as you wish, **without** my name please.

Pitney Bowes Taps Cybercash for Electronic Payments
American Banker / November 12, 1998

Pitney Bowes Inc., which provides mailing equipment and software to 2,000 top billing organizations, is planning for the day when more mail will be delivered electronically.

The company said Tuesday that it will incorporate Cybercash Inc.'s Internet payment services into its Digital Document Delivery, or D3, bill presentment and payment system.

D3 lets billers deliver bills and statements to consumers through a Web site. Pitney Bowes said it is successfully piloting D3 with United Illuminating Co. of New Haven, Conn.

Working with Cybercash, Pitney Bowes will enable payments of bills presented on Web sites, via e-mail, at portal sites on the Internet, or at third-party bill concentrators, using Cybercash's electronic check or credit card service.

"Both statement rendering and remittance processing can be managed in one integrated system for a truly end-to-end solution," said John F. Kwant, director of business development for Stamford, Conn.-based Pitney Bowes.

"The wholesale bank is the big winner," said Richard Crone, vice president of Cybercash. "Billers enroll consumers and the wholesale bank processes the payments.

"The key for the wholesale bank is when the statement goes to all channels and the payment comes back to the biller's bank," he said. "We're the armored car for delivering the payment to the wholesale bank."

the rest snipped. Fair use, and all that...

--- end forwarded text
Microsoft Statement
--- begin forwarded text

Date: Thu, 5 Nov 1998 09:16:56 -0500
From: Freddie Dawkins [EMAIL PROTECTED]
Subject: Microsoft Statement
To: CEC E-commerce list [EMAIL PROTECTED]

All here - I thought you might like to see this. It was published at the ICX London conference on October 19.

Rgds
Freddie Dawkins
ICX - Building Trust in E-commerce

Statement of Microsoft on UK Department of Trade and Industry Proposals for Encryption on Digital Signatures
October 1998

Microsoft welcomes this opportunity to respond to recent DTI proposals on encryption and digital signatures. As a leading developer of business software applications, on-line tools and operating systems, Microsoft strongly supports the growth of electronic commerce in Europe.

1. UK legislation should eliminate all key escrow and key recovery requirements.

The UK should not make the use of encryption subject to mandatory key escrow.

The DTI's Secure Electronic Commerce Statement of April 1998 contemplates authorising law enforcement to obtain access to private encryption keys on request. This could effectively require users or encryption service providers to "escrow" their private keys, which would depart from the Statement's rejection of mandatory key escrow and make the use of encryption more costly and burdensome. Many users would also view the obligation to store copies of their private keys as compromising the security of their on-line messages, thus deterring them from fully exploiting electronic commerce.

Mandatory key escrow does not serve any legitimate law enforcement goals.

Key escrow serves no legitimate law enforcement goals because criminals and terrorists are unlikely to store their private keys or provide them to police on request. Law enforcement's needs in this area could be fully met by requiring users to produce the plain text of any message to which police require access.

2. The proposed legislation should extend legal recognition to all digital signatures.

Legal recognition should extend to all electronic signatures, not just those issued by licensed certification authorities (CAs).

The Secure Electronic Commerce Statement would limit legal recognition to certificates issued by licensed CAs. Because virtually all users will want to rely on the legal validity of their electronic signatures, this would effectively require the use of licensed CAs. Such a rule would impose unnecessary costs on electronic commerce and would place UK law in conflict with the proposed EU Electronic Signatures Directive, which extends legal recognition to both licensed and unlicensed electronic signatures.

UK law should extend legal recognition to closed-system and limited-use certificates and affirm parties' freedom of contract.

Electronic signatures are used in a variety of closed systems and for a broad range of specific uses, such as on-line banking and credit card systems. Because closed-system and limited-use certificates will play a crucial role in the development of on-line applications, the law should expressly extend legal recognition to such certificates. UK legislation should also treat electronic and paper transactions the same in terms of freedom of contract, so that private parties have the same flexibility to structure their electronic transactions as they do for traditional forms of commerce.

The proposed legislation should not require licensed CAs to escrow encryption keys.

Many users of electronic signatures will refuse to allow their private encryption keys to be escrowed, and will therefore refuse to use licensed CAs if they must also hand over their private encryption keys. Such a result would undermine the use of electronic signatures and would threaten the development of electronic commerce in the UK. Thus, UK law should allow licensed CAs to provide encryption services without maintaining a key escrow or key recovery system.

3. DTI should abandon plans to extend existing export controls to "intangible" transfers.

Applying existing export controls to intangible transfers of encryption is unworkable and impractical.

In its recent white paper on Strategic Export Controls (July 1998), DTI announced plans to extend existing export controls to intangible transfers. However, strong encryption is widely available on the Internet from servers located outside the UK. Thus, the proposed restrictions would not prevent criminals from using strong encryption, but would impose added costs and burdens on lawful manufacturers and distributors of encryption products.

The proposed export controls will harm UK firms.

UK businesses already face a competitive disadvantage to foreign competitors due to restrictions on exporting encryption in tangible
Digicash in serious trouble
--- begin forwarded text

Date: Thu, 5 Nov 1998 12:03:10 -0500
To: [EMAIL PROTECTED]
From: Felix Stalder [EMAIL PROTECTED]
Subject: Digicash in serious trouble

[bad news]

http://www.news.com/News/Item/0,4,28360,00.html

By Tim Clark
Staff Writer, CNET News.com
November 4, 1998, 6:05 p.m. PT

Electronic-cash pioneer DigiCash said today it's filing for Chapter 11 bankruptcy protection after shrinking its payroll to about six people from nearly 50 in February.

The company, which has been running off a bridge loan from its venture capital investors since June, is seeking new investors from established financial institutions or a buyer for its software technology. The company's operations in the Netherlands, where it was founded, were liquidated in September.

"To really launch and brand something like this in the Internet space is likely to take a fair amount more capital," said Scott Loftesness, DigiCash's interim CEO since August. "It's more appropriate for strategic investors, corporate players or banks themselves as a consortium model."

Electronic-cash schemes have found difficult sledding recently. First Virtual Holdings, which had a form of e-cash, exited the business in July. CyberCash's CyberCoin offering hasn't really caught on. Digital Equipment, now part of Compaq Computer, is testing its Millicent electronic cash, and IBM is in early trials for a product called Minipay.

Under bankruptcy laws, DigiCash's Chapter 11 filing allows the company to continue operations, while keeping its creditors at bay as the company reorganizes. Most of DigiCash's $4 million in debt is owed to its initial venture capital financiers who extended the bridge loan, August Capital, Applied Technology, and Dutch investment firm Gilde Investment.

DigiCash's eCash allows consumers to make anonymous payments of any amount--and anonymity differentiates eCash against other e-cash schemes. DigiCash's intellectual property assets include patents, protocols, and software systems that also could be used for applications, like online electronic voting or private scrip issued by a particular retailer.

DigiCash suffered a setback in September when the only U.S. bank offering its scheme, Mark Twain Bank, dropped the offering. But a number of major banks in Europe and Australia offer or are testing DigiCash's electronic cash. Also in September, DigiCash closed its Dutch operations and liquidated its assets there.

Loftesness said DigiCash has a list of 35-40 potential partners, and he has been talking to players like IBM for months. He expects to resolve DigiCash's status in the next five months.

"Everybody feels anonymous e-cash is inevitable, but the existing situation was not going to get there from here," said Loftesness, who is frustrated by potential partners telling him, "This is absolutely strategic, but unfortunately it's not urgent."

The company was founded by David Chaum and was well-known in the Internet's earliest days. MIT Media Labs' Nicholas Negroponte is a director of DigiCash.

---
# distributed via nettime-l : no commercial use without permission
# nettime is a closed moderated mailinglist for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: [EMAIL PROTECTED] and "info nettime-l" in the msg body
# URL: http://www.desk.nl/~nettime/ contact: [EMAIL PROTECTED]

Les faits sont faits.
http://www.fis.utoronto.ca/~stalder

--- end forwarded text