Re: Your source code, for sale
- Original Message - From: Hal Finney [EMAIL PROTECTED] Sent: Friday, November 05, 2004 7:01 AM Tyler Durden writes: So my newbie-style question is, is there an eGold that can be verified, but not accessed, until a 'release' code is sent? In other words, say I'm buying some hacker-ed code and pay in egold. I don't want them to be able to 'cash' the gold until I have the code. Meanwhile, they will want to see that the gold is at least there, even if they can't cash it yet. Is there a way to send a 'release' to an eGold (or other) payment? Better yet, a double simultaneous release feature makes thing even more interesting. In the world of international trade, where mutual distrust between buyer and seller is often the rule and there is no central authority to enforce the law, this is traditionally achieved by interposing not less than three trusted third parties: the shipping line, the opening bank and the negotiating bank. First, the buyer asks his bank to open an irrevocable letter of credit (L/C), which is a letter sent to the seller's bank instructing it to pay the seller once the latter presents a given set of documents: these usually include the bill of lading (B/L), issued by the shipping line to declare that the desired cargo was indeed loaded on board. The seller gets the letter of gredit from his bank and is now sure that he will be paid by the latter (which he trusts); so he purchases or manufactures the goods, delivers them to the shipping line getting the B/L, passes it together with the other documents to his bank, and draws the payment. The seller's bank sends by mail the documents to the buyer's bank (which it trusts due to long-standing business relationships), knowing that it will eventually receive the settlement money. The buyer's bank receives the documents, debits the buyer's account, remits the monies to the seller's bank, and delivers the documents to the buyer. When the ship arrives to the buye's seaport, the buyer goes to the shipping line, presents to it the B/L and in exchange gets the cargo (in sea shipments, the B/L represents title to the goods). I've been thinking about how to do this kind of thing with ecash. That's way trickier because there are no trusted third parties, not even e-gold Ltd. / GSR, Inc. The trust chain with the L/C works well because delegation of trust is unnecessary: every link in the chain bears responsibility only to its adjacent links. [...] In the case of your problem there is the issue of whether the source code you are buying is legitimate. Only once you have inspected it and satisfied yourself that it will suit your needs would you be willing to pay. But attaining that assurance will require examing the code in such detail that maybe you will decide that you don't need to pay. Interestingly, with L/C's this problem is addressed by involving yet another third party: an internationally-recognized inspection company (e.g., the Swiss SGS) that issues a document certifying that the cargo is indeed what the buyer expects and not, i.e., bricks. Banks and shipping lines don't want to get involved in these issues; the seller's bank will only check all the documents requested by the L/C (possibly including the inspection certificate). You could imagine a trusted third party who would inspect the code and certify it, saying the source code with hash XXX appears to be legitimate Cisco source code. Then they could send you the code bit by bit and incrementally show that it matches the specified hash, using a crypto protocol for gradual release of secrets. You could simultaneously do a gradual release of some payment information in the other direction. But it's hard to assess the value of partially-released code. If the gradual transfer bits-against-cents is aborted, what is left to the buyer is likely to be unusable, whereas the partial payment still represents good value. A more general issue is that source code is not a commodity, and intellectual property is not real property: so the traditional cash on delivery paradigm just doesn't work, and looking for protocols implementing it kind of moot. If the code is treated as trade secret, rather than licensed, an anonymous buyer may make copies and resell them on the black market more than recovering his initial cost, at the same time undercutting your legitimate sales (see e.g. the cases of RC4 and RC2). This can cause losses order of magnitude larger than refusing to pay for his copy. Enzo - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Your source code, for sale
Tyler Durden wrote: Hum. So my newbie-style question is, is there an eGold that can be verified, but not accessed, until a 'release' code is sent? proof-of-delivery protocols might help (but they're patented, as I discovered when I reinvented them a few years back). In other words, say I'm buying some hacker-ed code and pay in egold. I don't want them to be able to 'cash' the gold until I have the code. Meanwhile, they will want to see that the gold is at least there, even if they can't cash it yet. Is there a way to send a 'release' to an eGold (or other) payment? Better yet, a double simultaneous release feature makes thing even more interesting. Simultaneous release is (provably?) impossible without a trusted third party. I think this is one of the interesting applications of capabilities. Using them, you can have a TTP who is ignorant of what is running - you and your vendor agree some code that the TTP will run, using capability based code. In your case, this code would verify the eGold payment and the code (difficult to do this part with certainty, of course) and release them when both were correct. Because of the capabilities, the TTP could run the code without fear, and you would both know that it performed the desired function, but neither of you could subvert it. Cheers, Ben. -- ApacheCon! 13-17 November! http://www.apachecon.com/ http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Your source code, for sale
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Finney, Hal (CR) [SNIP discussion on ripping cash] The problem is that if the source code you are purchasing is bogus, or if the other side doesn't come through, you're screwed because you've lost the value of the torn cash. The other side doesn't gain anything by this fraud, but they harm you, and if they are malicious that might be enough. Quick fix for seller incentive: the seller rips some amount of their own cash in such a way that they cannot recover it unless the buyer provides the remainder of the buyer's ripped cash. -Michael Heyman - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Corporate governance goals impossible - RSA
http://www.theregister.co.uk/2004/11/04/rsa_redux/print.html The Register Biting the hand that feeds IT The Register » Business » Management » Original URL: http://www.theregister.co.uk/2004/11/04/rsa_redux/ Corporate governance goals impossible - RSA By John Leyden (john.leyden at theregister.co.uk) Published Thursday 4th November 2004 16:43 GMT Companies are struggling to cope with tighter corporate governance regimes, which might even work against the goal of achieving improved IT security they are partly designed to promote. The need to comply with requirements such as data protection, Sarbanes-Oxley, Basel II and other corporate governance reforms is tying up IT managers in red tape, according to a banking security expert. Recent legislation is having a negative impact on risk management, said Michael Colao, director of Information Management at Dresdner Kleinwort Wasserstein. In some cases, the law has made IT managers legally responsible for adherence to corporate governance rules. Colao says that this may not necessarily be a good thing. CIOs are now relying on convoluted processes rather than using sound business judgement based on years of experience. A process is easier to defend in court than personal judgement. This means that in many cases unnecessarily cautious decisions are being taken because the CIO is focusing on their own personal liability, rather than what is best for the business, he said.? Different implementations of the European Data Protection Directive in different countries are creating a headache for multinational firms, according to Colao. This legislation was brought in as part of the EU common market and was supposed to provide clarity and harmony across Europe. Because each country implements legislation in very different ways, the result is a very fragmented and disjointed approach which causes all sorts of problems, particularly for global organisations, he said. Colao made his comments at the Axis Action Forum, a meeting of IT directors sponsored by RSA Security, in Barcelona this week. RSA Security said differences in European legislation highlighted by Colao were a real problem for its clients. Tim Pickard, strategic marketing director at RSA Security EMEA, said: The nature of implementation of EU directives in member states means that it is almost impossible for today's global CIO to be fully compliant and is therefore likely to be breaking the law in at least one member state. Business managers becoming fed up with FUD In a separate study, more than a third of the 30 delegates to the Axis Action Forum admitted that their Board had never asked for an update on security or implications of security breaches. The finding suggests widespread boardroom indifference to security issues despite the high profile security has been given in the media and by numerous industry initiatives. Firms only take security seriously in the aftermath of attacks, according to one delegate. Part of the reason could be that business managers are becoming inured to alarmist security pitches. Simon Linsley, head of consultancy and development, Philips said: For years we have had to go to the Board with messages that create the Fear of God. We can no longer rely on these doom and gloom messages - we have to go to the Board with solutions that add value to the business. The Axis Action Forum attended by more than 30 CIOs, IT directors and heads of security from a range of medium to large businesses. ® Related stories UK corporate governance bill to cost millions (http://www.theregister.co.uk/2004/09/08/companies_bill_it_costs/) Hackers cost UK.biz billions (http://www.theregister.co.uk/2004/04/28/dti_security_survey/) IT voices drowned in corporate governance rush (http://www.theregister.co.uk/2004/04/22/it_in_corporate_governance/) Big.biz struggles against security threats (http://www.theregister.co.uk/2004/10/27/netsec_security_survey/) © Copyright 2004 -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
When A Pencil And Paper Makes Sense
http://www.forbes.com/2004/11/05/cx_ah_1105tentech_print.html Forbes Ten O'Clock Tech When A Pencil And Paper Makes Sense Arik Hesseldahl, 11.05.04, 10:00 AM ET Thank goodness, it's over. Sometime around 4:30 A.M. Wednesday I went to bed, not the least bit uncertain that George W. Bush had been re-elected. But the one thing during this election cycle about which I have been uncertain is electronic voting. Florida in 2000 was a mess, and in reaction, some states and counties have turned to newfangled electronic voting machines, thinking that computer technology is the answer to a voting system that has started to creak under pressure. It seems that despite much worry about a repeat of Florida in other states, voting has gone pretty smoothly. Electronic voting methods are getting high marks. Of the 27,500 voting problems reported to the Verified Voting Project, a San Francisco-based group that monitored the election for voting problems, less than 6% of the issues reported stemmed from electronic voting machines. Election officials in states like Nevada, Georgia and Hawaii gave electronic voting systems a try. There were some problems: a memory card on an electronic voting machine in Florida failed; five machines in Reno, Nev., malfunctioned, causing lines to back up. Overall voter turnout was high. The Committee for the Study of the American Electorate, a nonprofit, nonpartisan outfit based in Washington, D.C., estimated that 120.2 million people, or 59.6% of those eligible to vote, cast ballots in this election, which would be an improvement of 5% and 15 million people, compared with the 2000 elections, and would make 2004's turnout the highest since 1968. Still, that's not as high as voter participation in my home state of Oregon, where 1.7 million people, or nearly 82% of those eligible, voted. In Oregon, voters cast their votes from home rather than going to a polling place. They submit their ballots by mail. The state abolished polling places in 1998 and has been voting entirely by mail ever since. Voters get their ballots roughly two weeks before election day. This year some were delayed because of an unexpectedly high number of voter registrations. Ballots must be received by county elections offices by 8 P.M. on the day of the election. Drop boxes are located throughout the state, as well. Voting should indeed take time and effort. It's undoubtedly important. But I like Oregon's common-sense approach. Voting from the comfort of your own home eliminates the inherent disincentive that comes from having to stand on a long line, for example. It's pretty simple. Oregon voters fill out their ballots using a pencil, just like those standardized tests everyone took in high school. If they want to write in a candidate, the ballot allows for that, too. I thought of this as I stood for about 45 minutes in a long, cold line at 6:30 A.M. to vote in my neighborhood in New York's Upper East Side. Throughout the day I heard reports from around the country of people who had to stand in line for as long as eight hours so they could vote, and I wondered how many others just threw up their hands in frustration because they had someplace else to be. The mail-in ballot also gives the voter a little time to consider his or her choice. Too often, voters will enter a voting booth knowing a few of the people they intend to vote for, but read about some ballot initiative or amendment for the first time. Rather than having to make a snap decision in the voting booth, having a ballot handy at home can give voters time to educate themselves and make a more informed decision. Sometimes, the best solution isn't a computer at all, but a good old-fashioned pencil and paper. Click here for more Ten O'Clock Tech Columns -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Your source code, for sale
Enzo Michelangeli writes: In the world of international trade, where mutual distrust between buyer and seller is often the rule and there is no central authority to enforce the law, this is traditionally achieved by interposing not less than three trusted third parties: the shipping line, the opening bank and the negotiating bank. Interesting. In the e-gold case, both parties have the same bank, e-gold ltd. The corresponding protocol would be for the buyer to instruct e-gold to set aside some money which would go to the seller once the seller supplied a certain receipt. That receipt would be an email return receipt showing that the seller had sent the buyer the content with hash so-and-so, using a cryptographic email return-receipt protocol. You could imagine a trusted third party who would inspect the code and certify it, saying the source code with hash XXX appears to be legitimate Cisco source code. Then they could send you the code bit by bit and incrementally show that it matches the specified hash, using a crypto protocol for gradual release of secrets. You could simultaneously do a gradual release of some payment information in the other direction. But it's hard to assess the value of partially-released code. If the gradual transfer bits-against-cents is aborted, what is left to the buyer is likely to be unusable, whereas the partial payment still represents good value. Actually you can arrange it so that neither the partially-released code nor the partially-transferred ecash is of any value until the whole transfer finishes. For example, send the whole thing first in encrypted form, then release the encryption keys bit-by-bit. If someone aborts the protocol early, the best each side can do is a brute force search over the untransferred bits to try to find the key to unlock the data they received. A more general issue is that source code is not a commodity, and intellectual property is not real property: so the traditional cash on delivery paradigm just doesn't work, and looking for protocols implementing it kind of moot. If the code is treated as trade secret, rather than licensed, an anonymous buyer may make copies and resell them on the black market more than recovering his initial cost, at the same time undercutting your legitimate sales (see e.g. the cases of RC4 and RC2). This can cause losses order of magnitude larger than refusing to pay for his copy. That's a good point. Maybe you could use some kind of DRM or trusted computing concept to try to force the buyer to lock up his received data. For source code that would be pretty difficult though, it needs to be handled in flexible ways. Hal - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Your source code, for sale
On Thu, Nov 04, 2004 at 03:01:15PM -0800, Hal Finney wrote: Another idea along these lines is gradual payment for gradual release of the goods. You pay 10% of the amount and they give you 10% of the source code. You pay another 10% and you get the next 10% of the source, and so on. (Or it could be nonlinear; maybe they give out half the code for free, but the final 10% requires a large payment.) The idea is that you can sample and make sure they do appear to have the real thing with a fairly small investment. If there is some mechanism for the seller to have a reputation (like Advogato's perhaps, with some spoofing immunity) then the problem is easier; the seller won't want to screw buyers because it hurts his rep. In that case it may be reasonable to ask the buyer to pay in advance, perhaps using the partial payment system just discussed. The mojonation file sharing system had an implementation like this originally... -- Taral [EMAIL PROTECTED] This message is digitally signed. Please PGP encrypt mail to me. A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? pgpdoIJZJgFGT.pgp Description: PGP signature
RE: Your source code, for sale
At 10:18 AM -0800 11/5/04, Hal Finney wrote: Yes, I'm looking at ideas like this for ecash gambling, but you have a who-goes-first problem. Whenever we talk about financial applications, where the assets represented by one bearer certificate are exchanged for those represented by another, what's really happening is a redeem-reissue process anyway. Since it's the underwriters' reputations you're trusting anyway, we've always assumed that there would be communication between the underwriters in order to execute, clear, and settle the trade all at once. For streaming stuff, we figured that since we were streaming cash for streaming bits, like movies, or content of some kind, you'd just do tit for tat, one stream (cash, probably signed probabalistically tested coins in the last iteration that we called Nicko-mint :-)) against another, the movie, song, etc being streamed. There's the missing last 5 minutes problem, but I think that, in recursive auction-settled cash market for digital goods like this (Eric Hughes' institutional 'pirate' scheme, the 'silk road' stuff, whatever), that there will always be another source to buy what's left from, once the intellectual property issues solve themselves because of the auction process. For things that aren't useful except in their entirety, like code, or executables, (or storing money :-)), I've always been a fan of the Mojo/BitTorrent stuff, where you hash the file into bits, ala m-of-n Shamir secret splitting, and store/buy them from lots of places at once. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Machine Error Gives Bush Extra Ohio Votes
http://apnews.myway.com/article/20041105/D865R1DO0.html Machine Error Gives Bush Extra Ohio Votes Email this Story Nov 5, 11:56 AM (ET) COLUMBUS, Ohio (AP) - An error with an electronic voting system gave President Bush 3,893 extra votes in suburban Columbus, elections officials said. Franklin County's unofficial results had Bush receiving 4,258 votes to Democrat John Kerry's 260 votes in a precinct in Gahanna. Records show only 638 voters cast ballots in that precinct. Bush actually received 365 votes in the precinct, Matthew Damschroder, director of the Franklin County Board of Elections, told The Columbus Dispatch. State and county election officials did not immediately respond to requests by The Associated Press for more details about the voting system and its vendor, and whether the error, if repeated elsewhere in Ohio, could have affected the outcome. Bush won the state by more than 136,000 votes, according to unofficial results, and Kerry conceded the election on Wednesday after acknowledging that 155,000 provisional ballots yet to be counted in Ohio would not change the result. The Secretary of State's Office said Friday it could not revise Bush's total until the county reported the error. The Ohio glitch is among a handful of computer troubles that have emerged since Tuesday's elections. In one North Carolina county, more than 4,500 votes were lost because officials mistakenly believed a computer that stored ballots electronically could hold more data than it did. And in San Francisco, a malfunction with custom voting software could delay efforts to declare the winners of four races for county supervisor. In the Ohio precinct in question, the votes are recorded onto a cartridge. On one of the three machines at that precinct, a malfunction occurred in the recording process, Damschroder said. He could not explain how the malfunction occurred. (AP) Voters waited up to three hours to cast ballots after one of two voting machines failed to work at... Full Image Damschroder said people who had seen poll results on the election board's Web site called to point out the discrepancy. The error would have been discovered when the official count for the election is performed later this month, he said. The reader also recorded zero votes in a county commissioner race on the machine. Workers checked the cartridge against memory banks in the voting machine and each showed that 115 people voted for Bush on that machine. With the other machines, the total for Bush in the precinct added up to 365 votes. Meanwhile, in San Francisco, a glitch occurred with software designed for the city's new ranked-choice voting, in which voters list their top three choices for municipal offices. If no candidate gets a majority of first-place votes outright, voters' second and third-place preferences are then distributed among candidates who weren't eliminated in the first round. When the San Francisco Department of Elections tried a test run on Wednesday of the program that does the redistribution, some of the votes didn't get counted and skewed the results, director John Arntz said. All the information is there, Arntz said. It's just not arriving the way it was supposed to. A technician from the Omaha, Neb. company that designed the software, Election Systems Software Inc., was working to diagnose and fix the problem. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Electonic Voting
Very timely. Udhay http://www.infosecwriters.com/hhworld/hh9/voting.txt Hitchhiker's World (Issue #9) http://www.infosecwriters.com/hhworld/ Observable Elections Vipul Ved Prakash mail @ vipul.net November 2004 This is an interesting time for electronic voting. India, the largest democracy in the world, went completely paper- free for its general elections earlier this year. For the first time, some 387 million people expressed their electoral right electronically. Despite initial concerns about security and correctness of the system, the election process was a smashing success. Over a million electronic voting machines (EVMs) were deployed, 8000 metric tonnes of paper saved[1] and the results made public within few hours of the final vote. Given the quarrelsome and heavily litigated nature of Indian democracy, a lot of us were expecting post-election drama, but only a few, if any, fingers were found pointing. Things didn't fare so well in the United States. SNIP, rest at URL -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Broward machines count backward
http://www.palmbeachpost.com/politics/content/news/epaper/2004/11/05/a29a_BROWVOTE_1105.html Palm Beach Post Broward machines count backward By Eliot Kleinberg Palm Beach Post Staff Writer Friday, November 05, 2004 FORT LAUDERDALE - It had to happen. Things were just going too smoothly. Early Thursday, as Broward County elections officials wrapped up after a long day of canvassing votes, something unusual caught their eye. Tallies should go up as more votes are counted. That's simple math. But in some races, the numbers had gone . . . down. Officials found the software used in Broward can handle only 32,000 votes per precinct. After that, the system starts counting backward. Why a voting system would be designed to count backward was a mystery to Broward County Mayor Ilene Lieberman. She was on the phone late Wednesday with Omaha-based Elections Systems and Software. Bad numbers showed up only in running tallies through the day, not the final one. Final tallies were reached by cross-checking machine totals, and officials are confident they are accurate. The glitch affected only the 97,434 absentee ballots, Broward Elections Supervisor Brenda Snipes said. All were placed in their own precincts and optical scanners totaled votes, which were then fed to a main computer. That's where the counting problems surfaced. They affected only votes for constitutional amendments 4 through 8, because they were on the only page that was exactly the same on all county absentee ballots. The same software is used in Martin and Miami-Dade counties; Palm Beach and St. Lucie counties use different companies. The problem cropped up in the 2002 election. Lieberman said ESS told her it had sent software upgrades to the Florida Secretary of State's office, but that the office kept rejecting the software. The state said that's not true. Broward elections officials said they had thought the problem was fixed. Secretary of State spokeswoman Jenny Nash said all counties using this system had been told that such problems would occur if a precinct is set up in a way that would allow votes to get above 32,000. She said Broward should have split the absentee ballots into four separate precincts to avoid that and that a Broward elections employee since has admitted to not doing that. But Lieberman said later, No election employee has come to the canvassing board and made the statements that Jenny Nash said occurred. Late Thursday, ESS issued a statement reiterating that it learned of the problems in 2002 and said the software upgrades would be submitted to Hood's office next year. The company was working with the counties it serves to make sure ballots don't exceed capacity and said no other counties reported similar problems. While the county bears the ultimate responsibility for programming the ballot and structuring the precincts, we . . . regret any confusion the discrepancy in early vote totals has caused, the statement said. After several calls to the company during the day were not returned, an ESS spokeswoman said late Thursday she did not know whether ESS contacted the secretary of state two years ago or whether the software is designed to count backward. While the problem surfaced two years ago, it was under a different Br oward elections supervisor and a different secretary of state. Snipes said she had not known about the 2002 snafu. Later, Lieberman said, I am not passing judgments and I'm not pointing a finger. But she said that if ESS is found to be at fault, actions might include penalizing ESS or even defaulting on its contract. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]