Re: maximize best case, worst case, or average case? (TCPA)

2002-06-30 Thread Ryan Lackey
ardware
> > chip to PCs back in 83 or 84 time frame (aka the TCPA idea for PCs is going
> > on at least 20 years old now).  It was the first time I ran into embedding
> > chip in a metal case that would create electrical discharge frying the chip
> > if the container was breached.
> >
> > Remember when applications came with their own copy-protection floppy
> > disks?  it was possible to build up a library of such disks
> > requiring all sorts of remove, search, insert ... when switching from one
> > application to another. They eventually disappeared ... but imagine if they
> > had survived into the multitasking era  when it would have been
> > necessary to have multiple different copy protection floppy disks crammed
> > into the same drive at the same time. The chip was supposed to provide an
> > analog to the CPU serial number used for licensing software on mainframes
> >  dating at least from the original IBM 370s (store cpuid hardware
> > instruction).
> >
> > Some of the higher-end applications still do that with some form of dongle
> > (originally in the serial port) that comes with the application  it
> > doesn't quite have the downside of trying to cram multiple floppies into
> > the same drive concurrently; the serial port dongles allow for them to be
> > inline cascaded ... and in theory still be able to use the serial port for
> > other use at the same time.
> >
> > i believe that there is some statistic some place about the UK and the US
> > are really great  that in those two countries the copyright piracy is
> > estimated to only be 50 percent.

-- 
Ryan Lackey [RL7618 RL5931-RIPE][EMAIL PROTECTED]
CTO and Co-founder, HavenCo Ltd.+44 7970 633 277 
the free world just milliseconds away   http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B  DE90 07AD BE07 D2E0 301F

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Re: maximize best case, worst case, or average case? (TCPA)

2002-06-30 Thread Ryan Lackey

I think dongles (and non-copyable floppies) have been around since the early
80s at least...maybe the 70s.  (Tamper-resistant CPU modules have been around
since the ATM network, I believe, in the form of PIN processors stored
inside safes.)

The fundamental difference between a "dongle" and a full "trusted module" 
containing the critical application code is that with a dongle, you can
just patch the application to skip over the checks (although they can be
repeated, and relatively arcane).

If the whole application, or at least the non-cloneable parts of the 
application, exist in a sealed module, the rest of the application can't
be patched to just skip over this code.

Another option for this is a client server or oracle model where the really 
sensitive pieces (say, a magic algorithm for finding oil from GIS data,
or a good natural language processor) are stored on vendor-controlled
hardware centrally located, with only the UI executing on the end user's 
machine.

What I'd really like is a design which accomplishes the "good" parts of TCPA,
ensuring that when code claims to be executing in a certain form, it really is,
and providing a way to guarantee this remotely -- without making it easy
to implement restrictions on content copying.  It would be nice to have the
good parts of TCPA, and given the resistance to DRM, if security and TCPA 
have their fates bound, they'll probably both die an extended and painful 
death.

I suppose the real difference between a crypto-specific module and a general 
purpose module is how much of the UI is within the trusted platform envelope.
If the module is only used for handling cryptographic keys, as an addition to
an insecure general purpose CPU, with no user I/O, it seems unlikely to be
useful for DRM.  If the entire machine is inside the envelope, it seems 
obviously useful for DRM, and DRM would likely be the dominant application.
If only a limited user IO is included in the envelope, sufficient for
user authentication and keying, and to allow the user to load 
initially-trusted code onto the general purpose CPU, but where the user
can fully use whatever general purpose code on the general purpose CPU,
even uncertified code, with the certified module, it's not really useful
for DRM, but still useful for the non-DRM security applications which are
the alleged purpose behind TCPA.

(Given that text piracy doesn't seem to be a serious commercial concern,
simply keeping video and audio playback and network communications outside
the TCPA envelope entirely is good enough, in practice...this way, both
authentication and keying can be done in text mode, and document
distribution control, privacy of records, etc. can be accomplished, provided
there is ALSO the ability to do arbitrary text processing and computing
outside the trusted envelope.)

If it's the user's own data being protected, you don't need to worry about 
the user intentionally circumventing the protections.  Any design which
removes control from the 'superuser' of the machine is fundamentally about
protecting someone other than the user.

This, I think, is the difference between TCPA and smartcards.  Notice
which one has in its short lifetime attracted far more enmity :)


Quoting [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> 
> 
> I remember looking at possibility at adding tamper resistant hardware
> chip to PCs back in 83 or 84 time frame (aka the TCPA idea for PCs is going
> on at least 20 years old now).  It was the first time I ran into embedding
> chip in a metal case that would create electrical discharge frying the chip
> if the container was breached.
> 
> Remember when applications came with their own copy-protection floppy
> disks?  it was possible to build up a library of such disks 
> requiring all sorts of remove, search, insert ... when switching from one
> application to another. They eventually disappeared ... but imagine if they
> had survived into the multitasking era  when it would have been
> necessary to have multiple different copy protection floppy disks crammed
> into the same drive at the same time. The chip was supposed to provide an
> analog to the CPU serial number used for licensing software on mainframes
>  dating at least from the original IBM 370s (store cpuid hardware
> instruction).
> 
> Some of the higher-end applications still do that with some form of dongle
> (originally in the serial port) that comes with the application  it
> doesn't quite have the downside of trying to cram multiple floppies into
> the same drive concurrently; the serial port dongles allow for them to be
> inline cascaded ... and in theory still be able to use the serial port for
> other use at the same time.
> 
> i believe that there is some statistic some place about the UK and the US
> ar

Re: anonymous digital cash and other (now) iffy stuff

2001-09-22 Thread Ryan Lackey
 you seem to imply,
open warfare on personal liberty shall be declared, most of those concerns
go away; if it's a felony to deploy ecash, you'll want to be anonymous
anyway, and then violating someone's patent just doesn't seem like a big
deal in comparison.

> [...]

> Sealand will probably still keep maintaining its idiotic claim to be an
> independent state, but if the UK government wants to search they can
> easily get a warrant. If sealand were outside UK territorial waters (it
> ain't anymore) the navy can board at any time of their choice any structure
> or vessel that is not registered with the shipping registry of a recognised
> state that is in international waters.

Sealand's claim to statehood rests on the following argument:

1) An artificial island, Roughs Tower, was constructed in 1942 by the 
   British Government in then international waters, for the purpose of
   defense.  This island was not constructed for the purposes of extending
   the UK's territory, but only to defend the UK's mainland from air or
   sea attack.

2) Subsequent to cessation of hostilities, WWII, 1945, the UK removed 
   personnel and some equipment from the island, abandoning it.  The UK did 
   not return to the island at any subsequent point.

3) In 1966, Roy Bates, a UK citizen, along with others, landed on Sealand
   and occupied it.  It was at this point abandoned for over 20 years by
   the UK government.  Roy, his wife Joan, and son Michael established
   permanent primary residence on the island, renaming it Sealand.

4) Through repeated legal challenges, including firing on ships of the Royal
   Navy, mounting armed counter-invasion, resolving the issue of taxation of
   UK citizens resident on Sealand as if they were resident in any other
   foreign country, etc., Sealand's sovereignty has been repeatedly reaffirmed.
   We have a large body of supporting documentation from the past 59 years;
   I'll try to put more of it up on our website in the future.

5) Despite the UK extending territorial waters in 1987 to 12nm, Sealand
   was by that point established for more than 20 years, and extended its
   own territorial waters to 18nm the day before.  Similarly, treaties and
   amendments to the laws of the sea in the 1980s prohibiting the construction
   of platforms in international waters by sovereign governments in order to
   extend territorial waters did not apply to the UK in 1942, nor did they
   apply to Sealand when founded in 1966.  Such treaties also support the
   long legal tradition of artificial and reclaimed land being treated as 
   land for the purposes of international and national law.

None of this has been in the least affected by an apparent new willingness
on the part of the US and other nations to invade arbitrary other nations.
Sealand has nothing to do with any of the recent terrorist events; if Osama
bin Laden were, for instance, living on Sealand, I would fully expect
Sealand would be asked to turn him over[1] or face invasion.  Sealand's
legal status is NOT the issue; international realpolitik of larger states
vs. smaller ones is much more the issue.  In fact, given such a situation,
it seems more likely they would treat Sealand as a state, and ask us to
comply with a demand placed in such language.

Independently of that, HavenCo operates.  If HavenCo/Sealand is shut down by 
invasion by the nation of ---, HavenCo can continue to operate
from other locations; indeed, eliminating Sealand would simply establish more
need for our services and ensure our next facility has more customers and
capital equipment than Sealand.

[1] There *was* a time where cypherpunks wrote code, rather than worrying
about influencing legislation; they assumed the government was
malicious and all powerful and designed technical systems to defeat them
still; I don't think that time is over.  Indeed, an upcoming conference,
CodeCon, exists to advance the state of the art in and promote discussion
of such systems; CFP to be sent shortly.

[2] Which would be done, but in multiple boxes/bags/jars, just as our
ultimate response to someone presenting a clear military threat unless we
hand over a given customer machine is to destroy it completely and then
refund the customer's unused balance.

-- 
Ryan Lackey [RL7618 RL5931-RIPE][EMAIL PROTECTED]
CTO and Co-founder, HavenCo Ltd.+44 7970 633 277 
the free world just milliseconds away   http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B  DE90 07AD BE07 D2E0 301F







[Announce] HavenCo Sealand Remailer Online

2001-09-16 Thread Ryan Lackey

-- 
Ryan Lackey [RL7618 RL5931-RIPE][EMAIL PROTECTED]
CTO and Co-founder, HavenCo Ltd.+44 7970 633 277 
the free world just milliseconds away   http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B  DE90 07AD BE07 D2E0 301F











Re: Starium (was Re: article: german secure phone)

2001-06-05 Thread Ryan Lackey

Quoting Bram Cohen <[EMAIL PROTECTED]>:

> I heard from an investor that they decided the first box was 'not secure
> enough' and spent a bunch more time and money building the second box,
> which makes it harder to do physical snooping at either end, as a result
> of which they haven't shipped a product and are now imploding.

I was told that the primary concern was lowering unit costs.  The original
COMSEC 3-DES phone had a unit cost of approximately USD 1000.  Build cost was
probably something like USD 300.

The Privatel, etc. equipment seems to be USD 400-500, with a build cost of
about USD 50-100.

Eric's goal was a chipset suitable for mobile telephony (the primary market
for secure telephones which are not inside the STE regime) and unit cost
of +USD 50, with USD 20 or so chip cost.  I'm sure there were a lot of
problems with that -- FCC licensing, the difficulties of designing chips
in general, any possible resistance from equipment/handset manufacturers,
etc.

It is highly unclear if there is enough of a market for USD 500 terminals
which are not mobile and do not interoperate with STE.  They are clearly
not going to be sold into the STE marketplace.  "Privacy fetishists"
are not a viable market for any product except maybe t-shirts with cool
slogans.  Corporate users need more sophisticated key management
than the current offerings.  The real value users want mobile (GSM)
functionality.  The www.sectra.se Sectra Tiger provides decent key
management and mobile use, but it's a USD 2 500 platform.  I think they will
sell more USD 2 500 DECT+GSM secure units than $500 privatels, though.

Outside the US, outside PBXes, landlines are 100% dead in the market that
can pay $500-2500 for security.  Inside the US, they may be dead too.  The
only reason I can think of to use landline is to gain some measure of
anonymity by using a random payphone or otherwise unlinkable phone; of 
course, anonymity is even less a viable market than privacy by about
100x, and if you really care, you can swap SIMs and optionally scramble
IMEI in flash, or just replace phones between use.

These secure phones, if they don't interoperate with STE and define their own
standards, have serious "network effects" problems.  I think the only way
around it would be to have a free or low cost 
software/VoIP/VoIP-PSTN/voicemodem solution.  If you gave away or sold cheaply
a software version, and sold a hardware mobile terminal at USD 5 000, you
would make more profit than if you sold only desktop terminals at USD 500-1000.

That being said, phones suck.
--
[EMAIL PROTECTED]+41 1 27 42 491 (corporate, fax)
Chief Technical Officer +44 (0)7970 633 277 (mobile)
HavenCo, Ltd. ||| Secure Offshore Colocation ||| http://www.havenco.com/
1024D/4096g 0xD2E0301F B8B8 3D95 F940 9760 C64B  DE90 07AD BE07 D2E0 301F











