Re: [cryptography] Is Bitcoin legal?

[John Levine]

Bitcoins aren't securities, because they don't act like securities.
There's no promise to pay, no nominal value, and you don't have a
claim on some part of something else.

Earlier I said that bitcoins are digital tulip bulbs, but now that I
think about it, they're really digital pet rocks.  They have no
inherent utility or value, only novelty value.  Like pet rocks,
they're worth what some other collector is willing to pay for them.
Just because someone is willing to swap you a beer in exchange for two
pet rocks doesn't make them money.

I suppose there could be tax implications if people swap stuff for
bitcoins, but that's no different than any other barter transaction.

R's,
John
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Is Bitcoin legal?

[James A. Donald]

On 2011-06-16 12:34 PM, Jeffrey Walton wrote:

From Frye's comments
 I�m no economist, but I can�t help wondering why Bitcoin
 aren�t unregistered securities.  Uh-oh?  Maybe someone
 will be hearing from the SEC?"


Bitcoin is supposed to be illegal.  It is supposed to displace 
government fiat, which is illegal.


___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Is Bitcoin legal?

[Oleksandr Nikitin]

Where's the line between unregistered securities and, for example,
gift cards, Linden Dollars, Zynga money, Microsoft Points or other
"virtual currencies" out there?
I don't live in USA, but interested anyway.

On Thu, Jun 16, 2011 at 05:34, Jeffrey Walton  wrote:
> On Wed, Jun 15, 2011 at 10:14 PM, Steven Bellovin  
> wrote:
>> http://www.concurringopinions.com/archives/2011/06/mining-for-bitcoins.html
>>
>> and it's worth noting that the author of that post, Brian Frye, is a law
>> professor: 
>> http://law.hofstra.edu/directory/faculty/VisitingFaculty/visfac_frye.html
>>
> From Frye's comments
>    I’m no economist, but I can’t help wondering why Bitcoin
>    aren’t unregistered securities.  Uh-oh?  Maybe someone
>    will be hearing from the SEC?"
>
> Sounds like its time to get Bitcoin in the hands of [key] politicians.
> PAC contributions, anyone?
> ___
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>



-- 
With best wishes, Oleksandr Nikitin
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Is Bitcoin legal?

[Jeffrey Walton]

On Wed, Jun 15, 2011 at 10:14 PM, Steven Bellovin  wrote:
> http://www.concurringopinions.com/archives/2011/06/mining-for-bitcoins.html
>
> and it's worth noting that the author of that post, Brian Frye, is a law
> professor: 
> http://law.hofstra.edu/directory/faculty/VisitingFaculty/visfac_frye.html
>
>From Frye's comments
I’m no economist, but I can’t help wondering why Bitcoin
aren’t unregistered securities.  Uh-oh?  Maybe someone
will be hearing from the SEC?"

Sounds like its time to get Bitcoin in the hands of [key] politicians.
PAC contributions, anyone?
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

[cryptography] Is Bitcoin legal?

[Steven Bellovin]

http://www.concurringopinions.com/archives/2011/06/mining-for-bitcoins.html

and it's worth noting that the author of that post, Brian Frye, is a law
professor: 
http://law.hofstra.edu/directory/faculty/VisitingFaculty/visfac_frye.html

--Steve Bellovin, https://www.cs.columbia.edu/~smb





___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[Jeffrey Walton]

On Wed, Jun 15, 2011 at 5:51 PM, James A. Donald  wrote:
> On 2011-06-15 6:22 PM, Adam Back wrote:
>>
>> Then there are countries where crypto is officially or effectively already
>> banned - there being caught with privacy tech on your laptop, cell phone
>> etc
>> would be dangerous.
>
> Which, however, tend to be the countries where there is lots of privacy tech
> on people's lap tops.
>
> Consider Al Quaeda.  The US, rightly, does not allow anything to limit its
> pursuit of Al Qaeda.  The US does not bother with arrests nor charges, nor
> worry overmuch about innocent bystanders.  All is fair in love and war.
Debatable, but off topic.

> Do al Qaeda members say "Oh dear, I guess encryption is out for us.  It
> might look suspicious."
http://www.theregister.co.uk/2011/03/22/ba_jihadist_trial_sentencing/

Jeff
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[James A. Donald]

On 2011-06-16 4:47 AM, Nico Williams wrote:

That's nice, but not scalable.  Scale that up enough and you have
anarchy, which is just a temporary situation until a strongman takes
over.


Firstly:
Anarchy always exist.  The state is an island in a sea of anarchy, and 
that island increases or diminishes from decade to decade.  In 
particular, our banking system is now collapsing as the state pervades 
it, for the state lacks both the competence and the moral integrity 
needed to operate banking.  Basel was an expansion of that island, and 
when the banking system collapses and is bypassed, this will reduction 
in the state:


Secondly:
States, a monopoly of force, are not that easy to establish.  It took 
the Taliban nine years, using the most horrifying and desperate means, 
to establish state authority in Afghanistan after communism fell.


For a single authority to make itself supreme, to attain a broadly 
accepted monopoly of force, is invariably long, costly and terrible, 
requiring at best the means the Sherman applied in his march to the sea, 
at worst the methods that Taliban applied.


___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[James A. Donald]

On 2011-06-15 7:05 PM, Nico Williams wrote:

It's only when push comes to shove that crypto
doesn't help.


In the conflict with Al Quaeda, as in any war, push has come to shove, 
and yet encryption does help.



Long before push comes to shove you have to deal with the fact that
your crypto is only a small part of the big picture: do you know if
your peers are malicious?


If some of your peers are not malicious, mixing will work.  If all of 
your peers are malicious, steganography will work.


Because menacing state demands for the contents of your files are 
common, steganography is common, for example truecrypt.  Because state 
attacks on encrypted communication are uncommon, people do not stego 
their communications.  But if the state attacked encrypted 
communications, then we would also see plenty of encrypted communication 
stego.


The state can escalate - but so can we.

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[James A. Donald]

On 2011-06-15 6:22 PM, Adam Back wrote:

Then there are countries where crypto is officially or effectively already
banned - there being caught with privacy tech on your laptop, cell phone
etc
would be dangerous.


Which, however, tend to be the countries where there is lots of privacy 
tech on people's lap tops.


Consider Al Quaeda.  The US, rightly, does not allow anything to limit 
its pursuit of Al Qaeda.  The US does not bother with arrests nor 
charges, nor worry overmuch about innocent bystanders.  All is fair in 
love and war.


Do al Qaeda members say "Oh dear, I guess encryption is out for us.  It 
might look suspicious."

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] If this isn't a honey-pot, it should be

[Nico Williams]

Regarding Goole Analytics, this is what noscript is for.

Nico
--
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] If this isn't a honey-pot, it should be

[Marsh Ray]

On 06/15/2011 01:43 PM, markus reichelt wrote:

* Marsh Ray  wrote:


Note that this site is sourcing Google analytics.


... so?


A site can be no more secure than the places from which it sources 
script (or just about any resource other than images). In all 
probability Google is not the weakest link in the security, but if they 
wanted to take over this web page completely they could do so using only 
supported script functionality.


Furthermore it shows that the site is, in fact, supplying the visitors' 
metadata to one of the largest cross-referencing identity databases on 
the planet.


- Marsh
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[Nico Williams]

On Wed, Jun 15, 2011 at 1:36 PM, StealthMonger
 wrote:
> Some folks do not choose to have a state.  For them, all states are
> foreign powers.

That's nice, but not scalable.  Scale that up enough and you have
anarchy, which is just a temporary situation until a strongman takes
over.  And even for a few individuals it's a problem.  How do you make
a living?  Even if you're independently wealthy, where do you get your
supplies?  What are you doing online?  How will you get online in a
world where most people necessarily live in states, thus your access
to _them_ depends on those states.  Push comes to shove you could live
as a hermit, armed to the teeth to defend yourself from those foreign
powers.

You're not convincing me that crypto is the answer.  It's part of the
answer, sure, but not _the_ answer.

Even though this is about crypto, it's still OT.  Have the last word,

Nico
--
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[Nico Williams]

On Wed, Jun 15, 2011 at 1:36 PM, StealthMonger
 wrote:
> Some folks do not choose to have a state.  For them, all states are
> foreign powers.

That's nice, but not scalable.  Scale that up enough and you have
anarchy, which is just a temporary situation until a strongman takes
over.  And even for a few individuals it's a problem.  How do you make
a living?  Even if you're independently wealthy, where do you get your
supplies?  What are you doing online?  How will you get online in a
world where most people necessarily live in states, thus your access
to _them_ depends on those states.  Push comes to shove you could live
as a hermit, armed to the teeth to defend yourself from those foreign
powers.

You're not convincing me that crypto is the answer.  It's part of the
answer, sure, but not _the_ answer.

Even though this is about crypto, it's still OT.  Have the last word,

Nico
--
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[Jeffrey Walton]

On Wed, Jun 15, 2011 at 2:36 PM, StealthMonger
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Nico Williams  writes:
>
>> crypto has a place ... to protect us ... from foreign powers, and
>> from casual inspection by one's state 
>
> Some folks do not choose to have a state.  For them, all states are
> foreign powers.
>
>> You must participate in ... politics   you must change [your
>> society's] culture 
>
> No, you may simply go your own way in peace.
Ask anyone who lived under the Khmer Rouge or Democratic Republic of
Vietnam about this.

Jeff
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] If this isn't a honey-pot, it should be

[markus reichelt]

* Marsh Ray  wrote:

> Note that this site is sourcing Google analytics.

... so?

-- 
left blank, right bald


pgpIlDKJ7BOSh.pgp
Description: PGP signature
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[StealthMonger]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nico Williams  writes:

> crypto has a place ... to protect us ... from foreign powers, and
> from casual inspection by one's state 

Some folks do not choose to have a state.  For them, all states are
foreign powers.

> You must participate in ... politics   you must change [your
> society's] culture 

No, you may simply go your own way in peace.

- -- 


 -- StealthMonger 
Long, random latency is part of the price of Internet anonymity.

   uinmyn: Is this anonymous browsing, or what?
   
http://groups.google.com/group/alt.privacy.anon-server/msg/59a1d785aaa19de5?dmode=source&output=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ 

iEYEARECAAYFAk342yoACgkQDkU5rhlDCl7j0wCghWZg3XK75QnouNT3Lup8KSCx
ohsAn1jqEm3amszVrUElcmfoTMG/lFDi
=ZPhI
-END PGP SIGNATURE-

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] If this isn't a honey-pot, it should be

[Marsh Ray]

On 06/15/2011 12:00 PM, Jack Lloyd wrote:


https://encryptur.com/

In fairness, this is no worse that downloading some random program off
the internet and using it for the same purpose.


But it is. If you download a 'random' program off the internet it's 
unlikely to have been targeted at you specifically.


Whereas for an online service the attacker learns your IP, geolocation, 
exact time, etc. in association with the plaintext and then he has the 
option of keeping your plaintext or weaken your ciphertext at the time 
you perform the encryption.


Note that this site is sourcing Google analytics.


At least here the
worst case is basically that someone gets your plaintext (and later
extorts you when you want the plaintext back), vs rootkiting your
machine when you run that proggie as Admin.


Rootkits are bad, but at least it's happening on your machine and your 
network where you can observe, isolate, and wipe it.


- Marsh
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

[cryptography] If this isn't a honey-pot, it should be

[Jack Lloyd]

Need something to be encrypted? Just upload it to us and we'll
encrypt it for you. Don't worry, we delete everything. Promise.

https://encryptur.com/

In fairness, this is no worse that downloading some random program off
the internet and using it for the same purpose. At least here the
worst case is basically that someone gets your plaintext (and later
extorts you when you want the plaintext back), vs rootkiting your
machine when you run that proggie as Admin.

-J
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[Nico Williams]

On Wed, Jun 15, 2011 at 3:22 AM, Adam Back  wrote:
> Well said StealthMonger, I suspect Nico is in the minority on this list with
> that type of view.
>
> I read Nico's later reply also.  Short of banning crypto privacy and
> security rights stand a better chance of being balanced by more deployment
> of crypto.  (In terms of warrantless wiretaps etc which seem to just keeping
> going and getting worse in many supposedly civilized western democracies.)
> There are still plenty of things government security people can usefully do
> towards security - spend the money on inflitration of groups who are real
> security threats.

Don't misunderstand me: I think crypto has a place, and that place is
mostly to protect us from other private citizens, from foreign powers,
and from casual inspection by one's state (i.e., keeping the state and
its minions honest).  It's only when push comes to shove that crypto
doesn't help.

Long before push comes to shove you have to deal with the fact that
your crypto is only a small part of the big picture: do you know if
your peers are malicious? are your compute resources physically
secure? are you certain of that? are they tamper resistant? are there
unpatched, or worse, unknown-to-you vulnerabilities in your software
(or worse, firmware, or worse, hardware) that others could exploit? is
your key management secure?

Security is oh so much more than just using AES, so much more than
just using secure cryptographic protocols and algorithm suites.
Crypto does not completely change the nature of security in the online
world versus physical security in the off-line world -- there's
analogies for most situations.  Crypto alone is not a panacea.

If you want to live in a free society you must do more than hide
behind ciphers.  You must participate in its politics to keep your
society free.  If it isn't already free, then you have a very big
problem -- crypto can only be a small part of how you might address
it.

For example, if in order to free your society you conclude that you
must change its culture openly, then crypto won't help you for you
must speak publicly.  Crypto will help you, to a point, if you're
trying to organize a revolt, but don't be surprised when crypto fails
to keep you safe in that case -- you'll likely need weapons and to be
willing to use them.

BTW, I'm surprised any of what I've said on this is remotely controversial.

Nico
--
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

[cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

[Adam Back]

Well said StealthMonger, I suspect Nico is in the minority on this list with
that type of view.

I read Nico's later reply also.  Short of banning crypto privacy and
security rights stand a better chance of being balanced by more deployment
of crypto.  (In terms of warrantless wiretaps etc which seem to just keeping
going and getting worse in many supposedly civilized western democracies.)
There are still plenty of things government security people can usefully do
towards security - spend the money on inflitration of groups who are real
security threats.

I would say privacy tech & crypto is essential to maintaining a good point
on the security/privacy balance in a world where security policy
encroachment has gone into overdrive.  To retain electronic liberty, crypto
is the answer.  I dont think crypto can be realistically banned in western
countries at this stage, the electronic part of security encroachment is
mostly opportunistic hoovering up things that are not protected.

There are multiple privacy properties - confidentiality of communication
contents, privacy of association (cryptographic freedom of association) like
pseudonymous email (protection against traffic analysis), cryptographic
enforced member only discussion groups/chats.

Then there are countries where crypto is officially or effectively already
banned - there being caught with privacy tech on your laptop, cell phone etc
would be dangerous.

Crypto and other privacy techniques can counteract somewhat - with
steganography, that though obviously its a tough threat model.  See 


http://www.nytimes.com/2011/06/12/world/12internet.html?_r=1

Its also a kind of interesting conflict that western governments think of
themselves, or try to portray themselves as moral forces of good and yet
there are a few cases where this technology the US is helping fund really
needs to be used in western democracies, including the US.  


The UK governments right to force key disclosure is an abomination, no
civilized country should be going in that direction.

Adam

On Tue, Jun 14, 2011 at 10:30:18PM +0100, StealthMonger wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nico Williams  writes:


Crypto will NOT protect you from the state.


Hmm?  Protection from the state is the very reason some of us are
here.  Even Philip Zimmermann wrote twenty years ago [1]

  Why Do You Need PGP? ...  you may be doing something that you feel
  shouldn't be illegal, but is.

And the very title of David Chaum's 1985 paper was "Security without
Identification: Transaction Systems to Make Big Brother Obsolete" [2]

[1] pgpdoc1.txt

[2] CACM 28(10), October 1985

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] sander & ta-shma + bitcoin, b-money, hashcash (Re: Is BitCoin a triple entry system?)

[Adam Back]

Efficiency is relative.  Vs a central bank and Brands credentials its
inefficient - a handful of modexps vs say one hundred or a thousand.  Vs
bitcoin with longest hash chain wins, and minimum hash being 10 minutes work
for the entire network, I think straight DLREP on all the coins in a time
interval is OK.  And having to wait for a few intervals to have confidence
your transferred coin is in a non-orphan chain to have confidence vs pretty
much instant deposit.

Note you can tune the time interval size, and so the size of the DLREP
problem.  DLREP is linear in the number of coins.

Adam

On Tue, Jun 14, 2011 at 07:40:10PM +1000, James A. Donald wrote:

It is not a design, but an idea for a design.

There is no efficient zero knowledge proof that has the required
properties.

On 2011-06-14 6:13 PM, Adam Back wrote:

[...]
They use Merkle trees to improve the computation efficiency (reduce the
size of the representation problems that have to be presented and
verified).

I dont understood why bitcoin didnt use it


___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] Digital cash in the news...

[James A. Donald]

On 2011-06-15 7:58 AM, Nico Williams wrote:

Uncivilized state actors will not give a damn about your crypto.  They
will torture you, your friends, your family.


If they can find you.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography