Slashdot Mirror


User: Paul Crowley

Paul Crowley's activity in the archive.

Stories: 0
Comments: 1,017

Comments · 1,017

  1. One argument the DOJ never seem to make... on Close out to Microsoft Anti-Trust Case · · Score: 5

    Things have been going badly for Mr. Gates ever since Monsieur L'Entarteur, Noël Godin, made him a present of a tasty cream pie. First the antitrust suit, then the arrival of Linux on the public consciousness and rapid exponential gain in popularity. In true Sumo wrestler style, he's tried to fend off one attack with another, pointing at the rise of Linux as a reason why he can't be a monopoly.

    But the case isn't about what's happening now; it's about whether Microsoft had behaved illegally prior to February 1998. The DOJ can silence this line of argument with one simple suggestion:

    "You only now have competition *because we're suing you*. You behaved illegally, so we dragged you into court. Now you're having to behave yourself to stand a chance in the trial, it's not as easy for you to tell people "you'd better buy our product because all our rivals are doomed", and competition is returning to the marketplace. But if the court allows you to get away with the way you used to behave, you'll be back to the usual FUD, lock-out, and illegal monopoly behaviour faster than you can say 'not guilty'. Your honour, I put it to you that this behaviour can only be brought to an end if we THROW AWAY THE DAMN KEY!"

    Anyway, I'm sure it won't matter. They've *really* pissed Judge Jackson off, and now Microsoft are going to lose so badly your head will spin in two directions at once. And they'll find it very hard to appeal the decision - especially after they jail Mr. Ballmer for perjury...

    We keep winning, don't we?
    --

  2. Non-DFSG == non-open-source, pretty much. on How Free is BIND 8.2? · · Score: 4

    The Open Source Definition is pretty much the same as the Debian Free Software Guidelines, both by Bruce Perens, so if it doesn't meet the standards of one it won't meet the standards of the other. However I'm sure it'll soon meet both. And widespread use of DNSsec would be an *excellent* thing.
    --

  3. Not strictly so AFAICT on How Free is BIND 8.2? · · Score: 2

    The non-free code is mixed in with the free code ATM, such that creating a version of BIND that uses only free software is non-trivial. However, I believe that this is being undertaken by the ISC.

    I'm definitely throwing some sort of party on September 20, 2000. I missed my chance when the Diffie-Hellman patent expired.
    --

  4. This does not resemble a CRL system. on Microsoft NSA key Follow-Up · · Score: 2

    There has to be a hierarchy of trust for these to be proper CRLs: i.e., less privileged keys have trust delegated to them by more privileged keys, so the more privileged keys can later revoke that trust by signing an appropriate CRL. Both keys are as trusted as each other and can replace themselves or each other.

    Schneier's analysis is quite accurate.
    --

  5. Microsoft haven't produced a credible account. on Microsoft NSA key Follow-Up · · Score: 2

    I don't believe that the "NSAKEY" allows the NSA to read everyone's email that's encrypted with Windows - that was always an exaggeration. But it's clear that Microsoft are holding something back, because they have not produced a credible account of why the second key is there.

    All they say is "in case the first key is destroyed". To which we all say "so why not take a backup"? And after that, it's all *sheer speculation* on our parts about what their actual reasons are, for example about whether they mean "compromise" rather than "destruction" (hint: volcanoes don't compromise keys) or whether there's some other need that backups wouldn't meet. It's speculation because Microsoft haven't told us. All I know is:

    * Microsoft have not come up with a believable explanation of why there are two keys, either of which can validate a CSP

    * And *neither has anyone else*, not Bruce Schneier, not Markus Kuhn, not any of the people on the mailing lists I'm on. No-one has suggested anything that would make this an even vaguely sensible way to do things, let alone a way past an NSA security review.

    Frankly, if I hear a non-fishy explanation for this I'll be quite likely to believe it - it's true about Microsoft's historical stance in favour of strong crypto, even though the whole CryptoAPI signing thing rather goes against that in the first place. Until such an explanation surfaces, though, there's no reason at all to let Microsoft off the hook on this one.
    --

  6. Sittin' on the back porch, drinking red wine... on 9/9/99: News? Nein! · · Score: 4

    On 6/6/66, I was little, I didn't know shit, and by

    7/7/77, eleven years later still don't know any better

    on 8/8/88, it's way too late for me to change

    and by 9/9/99, I hope I'm sittin' on the back porch drinking red wine, singing

    oooooooooh, french fries with pepper!


    -- Mark Sandman, 1963 - 1999



    I'm celebrating the way he would have wanted it!
    --

  7. Public key box is nice, but please use key servers on Assorted Slashdot Updates · · Score: 5

    Having the User info box for your public keys is nice, but please, if you use PGP, use the key servers! That way automated PGP systems like "metamail" (which also supports GPG) can look up your key when you send email and even, if necessary, fetch other keys used to sign it. Ideally, do both. BAL's PGP Public Key Server is a good place to start - all the servers mirror each other's content, so any should work.
    --

  8. US citizens *do* need a license to export crypto on GNU Privacy Guard (GPG) PGP Alternative · · Score: 2

    See Matt Blaze's My Life as an International Arms Courier for more on this.

    I don't think your advice on 3DES is terribly clearly thought out, but that's an article for another time: 3DES is perfectly good as you say.
    --

  9. URL for the article on Interview: Ask Tim O'Reilly · · Score: 2

    The article I'm referring to is here.
    --

  10. The Pulpit and the Marketplace on Interview: Ask Tim O'Reilly · · Score: 4

    In an article explaining the differences of opinion between yourself and RMS, you once asserted that his approach was "religious" but yours was "scientific", and added that you felt free software/open source should be tested not at the pulpit but in the marketplace.

    Now, where commercial interests and ethical demands coincide, that's great. Where they differ, RMS believes that ethics takes precedence; you seem to be asserting that being "scientific" means prioritizing making money over any ethical concern.

    Since the interests of ethics and of commerce do sometimes differ, don't you think it's good that we have people like RMS to talk about the former? And weren't you unfair on him in labelling this behaviour "unscientific"?
    --

  11. Not in my edition. on NSA backdoor creates security hole in Windows · · Score: 2

    I don't see any suggestion of purposeful weakening of DES in any way in my edition of AC, except for the small keyspace. Nothing would really shed the doubt of which you speak, but certainly all the evidence points the other way.

    The AES is being selected to replace DES because:
    * DES's keyspace is too small
    * DES's block size is too small
    * DES is too slow, especially in software.

    --

  12. NFS export? Why not Coda? on Welcome to the New Server · · Score: 3

    I'm surprised that you went for NFS rather than Coda - NFS is a bit suckful, and Linux's implementation doubly so. Coda would have given you a more secure and more efficient protocol for talking to the other servers. Get Andover to buy you a duplicate setup for testing new configurations, and benchmark the two against each other. Or get Mindcraft to do it :-)
    --

  13. *What* DES back door? on NSA backdoor creates security hole in Windows · · Score: 2

    Years of analysis of DES has shown that the only back door in DES was right out in the open: the 56-bit key. Everything we've learned about cryptanalysis in the meantime has shown that IBM (and possibly the NSA) went to some lengths to strengthen DES against attacks we didn't even know about at the time. What are you talking about?

    I don't believe any of your three possibilities. I think it's exactly what it seems, and that the NSA like to have their lives made easier.
    --

  14. I'm personally certain it's legit. on NSA backdoor creates security hole in Windows · · Score: 3

    (1) The paper's being presented at a rump session, so it won't appear in the list of accepted papers. It won't have gone through the same rigorous review as an accepted paper, but hell, they wouldn't let the crypto loonies of this world (David A Scott aka SCOTT16U.ZIP_GUY) present such a session.

    (2) The _NSAKEY certainly refers to *a* public key. It's a stretch of unusually high entropy data, which nearly always means cryptographic data: even compressed stuff doesn't look like that. Furthermore, it's being fed to BSafe's public key routines: look at the CCC's debugger output.

    (3) Micros~1 wouldn't fuck around with that sort of thing. I don't think anyone's going to label a public key "NSAKEY" as a joke.

    (4) But the NSA are very likely indeed to put pressure on them to introduce this sort of "feature" - it's quite a common occurrence for a guy with a sharp suit to turn up at the offices of commercial crypto implementors and discuss, let's say, how best to speed the export process. In the case of Lotus Notes, they did it entirely above ground, although the Swedish Government didn't read the small print when they banked their information system on Notes and they were quite annoyed to discover that the NSA had a way in.

    Put aside your speculation: this is the real thing. The NSA hold the private key that allows their software to do pretty much whatever they want to the CryptoAPI system, if you'll consent to run any code they've had their hands near. And we all know how tricky that is.

    Personally, I'm ecstatic: the unearthing of this information is a huge boon both to the Open Source and crypto-security communities.
    --

  15. Some NSA backdoors are explicit on NSA backdoor creates security hole in Windows · · Score: 5

    First, this is being presented at Crypto '99, not Def Con Two. It's peer reviewed, guys, it's pretty much bound to be legit.

    Second, every copy of Lotus Notes carries an explicit NSA backdoor, called the "Cryptographic Differential Work Factor". Essentially the point is that part of every secret key is encrypted with the NSA's public key, so where we would have to brute-force 128 bits to get in, they have to brute force only 40. So there's precedent; it's not as implausible as some people here seem to think. It may not be a back door in the simplistic way some people are thinking of, though.

    The algorithm the guy used to find the key is documented in Adi Shamir and Nicko van Someren's paper "Playing Hide and Seek with Stored Keys" - you can find a link to the paper here alongside my implementation of the technique described.
    --

  16. Re:I'd sooner recommend Dennett... on Scientists map schematic of brain's fibers · · Score: 2

    Searle's charge that Dennett ignores the difficult parts depends on Searle ignoring the bits where Dennett tackles the difficult parts. It's just that he tackles them in a tractable form: instead of addressing the wishy-washy and question-begging "why do people experience consciousness?" question, he addresses the concrete question "why do people *report* consciousness?". This key move makes it possible to get started on the problem.

    I'll also note here that Dennett has a footnote hanging off the sentence "We're all zombies" stating roughly "Of course, it would be an act of utter intellectual dishonesty to quote this out of context."
    --

  17. Corrected link on Feature: Myth of the Fall of SGI, Part II - the Mystery of Irix · · Score: 2

    The correct URL is http://www.slashdot.org/features/9806090743231.shtml .

    Hope this helps.
    --

  18. House-training your friends... on The Ottoman PC · · Score: 2

    isn't always as easy as you might hope, if this is anything to go by.
    --

  19. Why is PDF a closed format? on ProjectUDI spec goes 1.0 · · Score: 2

    The entire specification is published and freely redistributable, and there are free readers and writers. What else do you want from it?
    --

  20. And are the DOJ security experts? on OpenBSD, Security, and Theo de Raadt · · Score: 3

    Many, many people use Windows NT to store and transmit top-secret data. Does that mean that NT is secure, or just that the expertise to properly evaluate security is much rarer than the willingness to believe marketing that says what you want to hear?

    And, of course, it can be misleading to speak of a "secure operating system" - security is a property of the system as a whole. A Windows NT mail hub can store and forward a PGP-encrypted message without the contents of the message being any more readable, and an OpenBSD machine can be configured with open "telnet" ports and guessable passwords.

    The care and effort put into OpenBSD's security aspects is of course useful and laudable, but it won't do you the user any good if you don't understand your own role in keeping the system secure.
    --

  21. I'd sooner recommend Dennett... on Scientists map schematic of brain's fibers · · Score: 2

    Probably the best place to start reading about this sort of thing is Douglas R Hofstadter and Daniel C Dennett, "The Mind's I", but everything I've read by either author has been excellent.

    I think the answer is this: *you* know you're thinking about your brain, at least if you stop to ask yourself, so clearly the information is available to brain processes should it be relevant. But it seems damn unlikely that it would look greatly different than other kinds of deep thought to any probe that only measured low-level activity like electrical patterns or chemical changes.

    Put it this way: do you think your computer knows when you're recompiling a kernel?
    --

  22. I'll probably use modifications someone else makes on Ted Nelson Releases Xanadu · · Score: 2

    because they were granted the same freedoms as me.

    --

  23. Remember these laws are *not* there to slow export on Feature: WH Panel Calls for Crypto Export Reform · · Score: 3

    This law is as much to stop US citizens from getting convenient crypto as for any thoughts on the non-US market: because products that use strong crypto are export-controlled, people simply make fewer products that are based on strong crypto, to avoid limiting their sales and probably incurring legal costs and general hassle. This means US citizens use lots of products that would have been crypto-enabled as a matter of course, but aren't, because of this law.

    In that sense, it's quite effective despite being manifestly unenforceable and silly.
    --

  24. They blame Compaq - as if it were their job! on Microsoft Bites It On 64-bit Microprocessors · · Score: 5

    The way Microsoft phrase it, it's all Compaq's fault for "terminating Alpha support for current versions of Windows NT". As if Microsoft were helpless in front of Compaq's refusal to let them port their operating system!

    Linux, as everyone here knows, ran on Alpha machines (as well as x86 and 68000) long before it could get acknowledgement of its existence from the processor manufacturers, let alone substantial help in making it happen. It was done in the usual way: get the specs of the hardware, and code to them. What is it that's so difficult about this process that Microsoft needs Compaq to hold its hand before it can think about it?

    Microsoft don't expect ever to have to act like a software firm. You don't write code for other people's hardware - you graciously allow the hardware manufacturer to write code for you. Compaq have started to smell the independence from this kind of treatment that Linux gives them, and soon Microsoft will find out what that means for them.

    Revenge is gonna be so sweet.
    --

  25. Open Source Definition is good for docs too on Feature:Thoughts on the Linux Documentation Project · · Score: 1

    Documentation is essentially part of software, and the licenses that are good for one are good for the other. If you need to fork the software, you'll need to fork the docs too.

    Thus, the Open Source Definition is perfectly good at describing what licenses are acceptable for a free documentation project.

    Essays and fiction, by contrast, probably want rather different licensing. Possibly the McElwaine license: UN-altered reproduction and DISSEMINATION of this IMPORTANT information is ENCOURAGED...
    --