The police is legally allowed to get in for free,
so we gave them different colour wristbands, just
like we gave them different colour badges at HIP,
see Police at Hip'97. Of course, there were
and will be undercover agents, so don't be stupid.
From my (limited) experience, what I see in court cases that comes from computers is too complex
for most judges or even lawyers to grasp. As long
as judges can't even rule sensibly about things as
hyperlinks and deep linking, I fear that judging
whether or not the information can be tampered
or manipulated/selected at the LEA's is completely
over their heads.
The ETSI standards maturing now (see Opentap) in Europe provide LEA's with encrypted (and signed) information, so the LEA's are pretty sure about the authenticity of the material. The defense
could in theory see when information was omitted,
since the data sent to the LEA includes a serial
number per packet, but the ISP's box has no
digital signature of its own, so the LEA can just
"create" any information it would want. The ISP
isn't allowed to keep copies (or even buffer) the
data sent to LEA's.
We'll just have to trust them.
Some more of my comments can be found on
Cryptome.
I'll be talking about the tapping laws at
Hal2001, August 10-12,
in the Netherlands.
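The omission-versus-fabrication point made in the comment above, as an added example that is not part of the original comment: the serial-number check it describes, next to a swapped-in hash chain (not something the ETSI standards are stated to provide) whose running digest the ISP's box retains instead of intercepted data. The record layout, the class and function names, and the premise that keeping a digest is permitted are assumptions.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed starting value of the chain


def chain(prev: bytes, serial: int, payload: bytes) -> bytes:
    """Fold one handed-over record into the running digest."""
    body = serial.to_bytes(8, "big") + hashlib.sha256(payload).digest()
    return hashlib.sha256(prev + body).digest()


class IspBox:
    """Hypothetical ISP-side box: forwards records, keeps only a count and a digest."""

    def __init__(self):
        self.sent = 0
        self.head = GENESIS

    def hand_over(self, payload: bytes):
        self.sent += 1
        self.head = chain(self.head, self.sent, payload)
        return (self.sent, payload)  # the payload itself is not stored


def serial_gaps(records):
    """The check the comment describes: serial numbers missing inside the range seen."""
    seen = {serial for serial, _ in records}
    if not seen:
        return []
    return sorted(set(range(min(seen), max(seen) + 1)) - seen)


def matches_isp_digest(records, sent: int, head: bytes) -> bool:
    """True only if the records are exactly what the box handed over."""
    if len(records) != sent:
        return False
    digest = GENESIS
    for serial, payload in sorted(records):
        digest = chain(digest, serial, payload)
    return hmac.compare_digest(digest, head)


def demo():
    box = IspBox()
    # Constructed sample payloads standing in for intercepted packets.
    original = [box.hand_over(p) for p in (b"pkt-A", b"pkt-B", b"pkt-C", b"pkt-D")]
    cases = {
        "intact": original,
        "omitted": [r for r in original if r[0] != 3],
        "truncated": original[:-1],
        "altered": [(s, b"pkt-X" if s == 2 else p) for s, p in original],
    }
    return {
        name: (serial_gaps(recs), matches_isp_digest(recs, box.sent, box.head))
        for name, recs in cases.items()
    }


if __name__ == "__main__":
    for name, (gaps, ok) in demo().items():
        print(f"{name:10} serial gaps={gaps} matches ISP digest={ok}")
```

Serial numbers alone flag only the omitted case; the truncated and altered sets pass that check and are caught only by comparison with the retained digest.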
And it makes GnomeMeeting illegal too (unless I could use another XP licence for that)
See trustedpc.org, the "Trusted Computing Platform Alliance", or TCPA, formed by Compaq, HP, IBM, Intel and Microsoft.
It "trusts" the hardware from a special chip on the mainboard, which trusts the BIOS, which trusts the hard disk bootblock, which trusts the OSloader, which trusts the OS, which trusts the software application, which trusts the stream. This is done through a "privacy certificate agency" that just identifies your PC uniquely (and really, we will not keep records of who you are, those will be destroyed after you've submitted your identity and we have checked it!)
Of course, trust here doesn't mean that YOU can trust your PC, but that THEY can trust YOUR PC.
If this standard makes it, the open source community has a big problem.
For a few years people have been working behind the screens to make the general purpose PC a certified hardware device.
All hardware vendors are involved in the "trusted PC" initiative. From BIOS, See www.trustedpc.org
The specification has been published in December 2001.
Certified by an additional chip on your mainboard, before your BIOS even boots. It certifies BIOS, then bootblock, then OSloader, and then the OS and its applications. They really want you not to be able to see or hear content if there is even a single piece of hardware or software not certified. Let's hope it will become a failure.
Of course, it is all done as a "privacy measure" with a "privacy Certificate Agency" that will only uniquely mark you as an anonymous entity, and which will not "store" your information after your application. Right.
Leto
# One dated copy per weekday; files identical to those in 'current' are skipped via --compare-dest.
for i in `cat rsync.list | egrep -v "^#"`
do
  HOSTNAME=`echo $i | awk -F: '{print $1;}'`
  DIRECTORY=`echo $i | awk -F: '{print $2;}'`
  DATE=`date +%A`
  # Create the per-host, per-weekday target directory.
  install -d /vol/backup/$HOSTNAME/$DATE
  rsync --numeric-ids --compress --rsh=/usr/bin/ssh --recursive --archive --relative --sparse --one-file-system --compare-dest=/vol/backup/$HOSTNAME/current $HOSTNAME:$DIRECTORY /vol/backup/$HOSTNAME/$DATE
done
Then once a week we run a similar script that updates the 'current' directories and uses --delete
(rsync.list contains entries like "hostname:/some/mounted/partition")
Wrong: reread the cybercrime URL you posted:
Canada, Japan, South Africa and the United States, who took part in the drafting, also signed the treaty today.
So, this means they (or at least their government) promise to help do key escrow etc. So the government will ask the key from cryptoheaven if they have it. There is no point in giving them the key at all. They cannot secure it. In fact, they should refuse all keys for this very reason.
Mr Young,
I appreciate your site a lot (not only because you have posted some of my own material on it :)
Your site hosts obviously controversial papers. Yet you clearly don't want to have your site mirrored. You state so on your website and your robots.txt disallows it. Why don't you want the information on cryptome and jya to be mirrored? I noticed you changed this policy briefly after the Sep 11 attacks, and of course immediately grabbed a copy.
But I'd still like to have a synchronised copy. Not even to publish now, but just to have in case cryptome disappears for whatever reasons.
Paul Wouters
Hey,
I already have slash.dot, or at least I had it
until Nielsen vanished from the earth and
apparently took .dot with him. It featured all
the slashdot.org censored articles :)
Leto
They say "routing instability" not "BGP instability".
However, further down in the article they mention that people might need to give BGP packets some preference so that they don't get dropped when something like a Microsoft virus sweeps through your routers, causing BGP reconnects (and thus BGP instability).
Leto
The UTwente range is not used. HAL has its own
range from RIPE:
http://www.ripe.net/perl/whois?query=hal2001
inetnum: 217.155.0.0 - 217.155.255.255
netname: HAL2001
descr: HAL2001 event
country: NL
admin-c: CB127
admin-c: OD45
tech-c: CB127
tech-c: OD45
status: ASSIGNED PI
notify: netmaster@xs4all.nl
mnt-by: XS4ALL-MNT
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
changed: hostmaster@ripe.net 20010221
source: RIPE
We're trying to invite the police to give a talk about the new tapping laws, but so far we didn't get anyone who is willing (or able, or allowed) to explain the lawful interception side of the tapping issue.
Yes. Police will attend. We've already talked
to them. Look for different colour wristbands :)
HAL is the last place on earth to do illegal
things. But if you want to learn about the police,
there are plenty of relevant workshops about them.
I know of at least 5 people closely intertwined
with CCC/Cypherpunks/Hacktic that got requests
to sign his key. I guess originally it all stemmed
from the failed keysigning party at Hip'97.
(failed because DDT never published the material)
I guess I'll see Lutz and HAL2001, and he can
explain it :)
Paul
Lutz Donnerhacke mailed a massive amount of people
to sign his key even though they never met him.
It shows how successful (and thus meaningless)
this web of trust is if you don't know the people
in that web personally. A high ranking in this
list can still be easily obtained, as Lutz has
shown.
http://www.xtdnet.nl/paul/deja/
I've already gone through this with Deja. Guess
I will start again with Google.
For what it's worth. I have a login at a very big
Dutch ISP, and have been accidentally subscribed to
Macromedia's mailing list by users inputting the
wrong username on various occasions. I'd receive dozens of emails before I could get off, for which I had to download their plugin to watch a webpage to unsubscribe to begin with!
They might have an opt-in, but they have no
"confirm before adding" policy which I think is
essential in today's running of a mailing list.
In that aspect, they should be on MAPS, though
I believe Above.net's policy for blocking all
traffic is wrong.
Leto
I think everyone will agree that "ssh" is a protocol, not a trademark. If anything, it is based on the term "rsh", so would Berkeley now be able to do what Tatu is suggesting the community does now, to change the name of a competing product?
I'm glad Tatu developed it, but ssh had problems from the start with commercial licences. Heck, I
actually TRIED to get a commercial licence but the entire DataFellows thing was a huge disaster. I gave up on trying to buy it. Now that's not OpenSSH's mistake.
Next, here comes the US with their "open source crypto is allowed", and RedHat starts deploying it massively with their 7.0 distribution. It's a worldwide success, and now Tatu has a real problem. Most people know the difference between ssh and openssh, but if 1% doesn't, Tatu gets a lot of non-customers and that is annoying.
And as a sidenote, Tatu now claims that OpenSSH is causing problems for keeping sshv1 intact. While his reasoning might be very valid, the practise is that we all went through hell with the various v1-only and v2-only servers and clients. Tell an entire campus to buy new software from DataFellows because their new clients don't support v1, and all old clients won't support v2. OpenSSH was a blessing to get things to work for everyone.
Sorry, all this warfare is just the result of Tatu (rightfully!) trying to make a living the wrong way, by selling licences instead of using a more modern opensource model to sell support contracts and become the free world (non-US) leading crypto company.
Of course, I wonder now what Alex de Joode will do
with openssh.org, he already had a fight with the openbsd people :)
Paul
I talked to these people two years ago, and they had a functional system, mostly used to communicate with trucks in unknown odd territories, such as Russia. The guy also told me they had lots and lots of interference from the NATO bombing on Serbia.
Paul
Zenon has to show up for the appeal next week in Sweden. He hasn't completely lost yet :)
Leto
1...The website displays a copyright logo. Did
Sealand sign the Berne Convention, and thus does
it respect copyright?
2...Explain who is the real owner, because outsiders are confused with havenco, principality-sealand.net and sealandgov.com
3...Will I be allowed to store encrypted files there that HavenCo can't possibly read, condone nor condemn?
4...Why does Havenco insist on policies that allow them to remove content based on their discretion? How many judges does Sealand have to deal with this, or will Joe random Sysadmin play judge?
5...How will havenco prevent their backbone ISP or that ISP's country from interfering with Sealand/Havenco?
You'll have to ask Alex, but even to me the distinction between openssh and openbsd is already quite unclear and it does seem to be overly focused on openbsd. This isn't domain parking, it is using a common logical domain name to offer information. Alex wants the name to indicate free ssh implementations, and not just one single group developing one single implementation. You can then argue who should have the name but that is pointless, because the first-come first-served principle holds true in that case.
As for who thought of the name and who leaked out what, I have no clue nor interest.
Paul
I was asked by Niels Provos (OpenBSD/OpenSSH) to talk to Alex de Joode about this issue back in November, because I seemed to have some neutral position in this and just happened to know both sides personally.
As far as I understood the issue, Alex was concerned that the OpenBSD people would make OpenSSH too focused on OpenBSD. Apparently talking with Theo de Raadt didn't help any. In an email to me he offered them DNS references from www/ftp/cvs .openssh.org to any host(s) that Niels would supply, but he wanted to keep control of the domain name just in case it indeed would get focused on just OpenBSD. I conveyed that message to Niels, but don't know why this issue never got properly resolved. But I know the silly name-calling and the pointer at the .com side pointing out Alex is a squatter shows a lot of unprofessionalism from the OpenBSD people.
Paul Wouters
A similar ruling happened in the case of Scientology versus Spaink and providers in the Netherlands. See the end of the ruling at:
http://www.xs4all.nl/~kspaink/cos/verd2eng.html
For instance, it says:
DECLARES it to be the law that by having a link on their computer
systems which when activated brings about a reproduction of the
works that CST has the copyright to on the screen of the user,
without the consent of the plaintiffs, the Service Providers are
acting unlawfully if and insofar that they have been notified of
this, and moreover the correctness of the notification of this fact
cannot be reasonably doubted, and the Service Providers have then
not proceeded to remove this link from their computer system at the
earliest opportunity;
The good news is, Scientology itself appealed the ruling :)
I think spam will kill itself sooner. One should
only need to think as a spammer. Imagine I have
a porn site. At the time where 40% of my potential
clients have DSL or a fast cable modem, I'm going
to send out 15MB sample video clips of porn. Users
still using isdn or 33k/57k will roar. Spam will
kill itself under its own weight, and rather sooner than later I think.
Leto
This might be appropriate for content published
on ISP systems by trackable users. But when a
complaining party only has a fairly anonymous
email address (user@isp.com) then the ISP must get
involved somehow. It's the only place where a
possible party can complain.
The matter of liability on content is unmistakably connected to the privacy and/or
anonymity of the ISP's user. There are various
drafts and reports on these matters. The draft
of the new European e-commerce guidelines, but
also the WIPO has just released a report that
also mentions anonymity etc. (http://wipo2.wipo.int)
Leto