Government subsidies: our last, best hope for Cryptoanarchy?

R. A. Hettinga rah at
Fri May 24 17:01:51 EDT 2002

"Financial cryptography is the only cryptography that matters"?

Say it ain't so, Lucky, say it ain't so...



--- begin forwarded text

Status:  U
From: "Lucky Green" <shamrock at>
To: <cypherpunks at>
Subject: Government subsidies: our last, best hope for Cryptanarchy?
Date: Fri, 24 May 2002 01:44:53 -0700
Sender: owner-cypherpunks at

You may be asking yourself: where, oh where, has all the crypto gone?
Where are the BlackNet's? Where is the untraceable Ecash? Where is the
Cryptanarchy that we've been waiting for? For that matter...where is the

The staunchest Cypherpunk will by now have noticed that PGP/GPG usage
even amongst list members, once the bellwether indicator of Cypherpunks
crypto adoption success, is in decline.

NAI has pulled PGP off the shelves. Conspiracy theories as to what may
have been driving this business decision abound. The fact of the matter
is that the usage of PGP by businesses, the sole significant source of
NAI PGP revenue, had long passed its peak. How many businesses do you know
that rolled out PGP in the last year? How many do you know that quietly
stopped using PGP after formally adopting its use with big fanfare a few
years ago? The facts are that there are more of the latter than of the
former. Did NAI receive The Briefing? I don't know. Nor does it really
matter. There wasn't enough money to be made with PGP.

A well-respected Cypherpunk recently expressed hope that if NAI's PGP
were to disappear for good, perhaps compatibility problems amongst
versions of PGP would diminish. A plausible sounding theory, if one were
to assume that the compatibility problems amongst versions of PGP are
between versions produced by different vendors. Presumably, the theory
would go, with only one major supplier left standing, that being GPG
(yes, I am aware there are others), interop problems with other vendors'
implementations would pretty much disappear by definition.

However, a closer inspection of the PGP interoperability problems, which
have been one of the issues coming up in just about every single
discussion I've had with anybody about PGP over the last year, shows
that the interop problems are not between current versions by multiple
vendors, but between versions, in some cases by the same vendor, that
were released over time. The current version of NAI-PGP will
interoperate just fine with the current version of GPG.

So why is PGP interoperability such a frequently raised issue? And why
does the importance of this topic seem to diminish the further away you
stray from Cypherpunks into the realms of the casual PGP users? The
answer to the second question is straight-forward. Even the most casual
user of software tends to be familiar with and acceptant of the need for
occasional software upgrades. It appears that those that are
experiencing interop problems are those that are insisting on using up
to 5-year old versions of PGP. It is true and should come as no surprise
that those 5-year old versions do indeed have interop problems with
newer versions of PGP.

Some may say: I shouldn't need to keep on upgrading my software to be
able to send encrypted email. Does anybody seriously believe that those
that insist on using 5-year old versions of PGP have not upgraded their
operating systems in those 5 years? Indeed, upgraded their
operating systems more than once? Or does anybody seriously believe that
those that insist on using old versions of PGP still run the exact same
version of their MUA and text editor as they did 5 years ago? Of course
they don't. If they did, their boxes would long have become unusable due
to the warez traffic taking place on the machines as a result of the
countless remote exploits discovered over these last 5 years.

The reluctance to upgrade to a newer version of PGP does not appear to
be driven by a refusal or inability to upgrade software in general. This
reluctance to upgrade appears PGP specific. Why this is the case I do
not know. (And don't greatly care. I am running the latest version of
NAI PGP and I can make my copy talk to any version of PGP 2.x or

Now perhaps there may be the rare case of a PGP user that is still
running PGP 2.x on the same DOS box, using the same mailer and the same
text editor as they did 5 years ago. I don't know of any such users, but
that doesn't mean no such users exist within the vastness of the
Internet. What I do know is that those that I am aware of that are
complaining about PGP version interoperability problems do not fall into
the rare category of users who have not upgraded any software at all for
the last 5 years.

Since the existence of multiple PGP software providers has not been the
cause of the interop problems experienced by some, reducing the number
of PGP implementation providers should not be expected to have a
significant impact on the number or severity of PGP interop problems
experienced by the users.

The same Cypherpunk expressed a hope that absent NAI's PGP, the German
government group currently funding GPG might be more inclined to fund UI
work for Windows. Perhaps they would. Assuming for a moment they will,
would this lead to a better PGP Windows UI than NAI's PGP offered? NAI's
PGP UI is pretty darn good. Looking at the sorry state of UI's currently
offered for GPG, even with government funding, I suspect that it will be
a long time indeed before we will see a GPG UI that will compare
positively to the current NAI PGP UI. Of course Cypherpunks know that it
is dangerous to base one's hope for the development of Cypherpunk
tools on funding by a government. Be that the US government or the
German government. Strongly pro-crypto German governmental officials
have been known for their propensity to stumble out of the windows of
high story buildings. Warnings regarding the dangers that may lurk in
parking lots come to mind.

Where has the crypto gone? The crypto has gone under the hood, away from
the UI, to a place where the crypto will be of most use to the average
user. Yes, for crypto to be secure against the active, well resourced,
attacker, the crypto must at one point touch the user to permit the user
to make a trust decision. But to secure communications from passive
and/or less resourced attackers, crypto can be placed under the hood.

I bet a good percentage of the readers of this list that still require
to be engaged in a form of employment nowadays access their company
network via some form of VPN. Up by orders of magnitude from a few years
ago. More importantly, a good percentage of users that have never heard
of this mailing list and will never hear of this mailing list are using
strong crypto to access their company's information. The percentage of
users utilizing strong crypto is increasing daily.

Another major segment of Internet infrastructure in which strong crypto
is rapidly becoming the default rather than the exception, at least
amongst those running their own servers, is SMTP. The percentage of SMTP
connections to my mail server that use TLS to encrypt SMTP has grown
from around 30% a few months ago to well over 60% today. This increase
in the use of STARTTLS on SMTP appears to parallel a loss of sendmail
MTA market share in favor of postfix. It is just too darn easy to turn
on support for STARTTLS during a migration to postfix, hence most sites
performing such a migration appear to do so.

(I am aware that sendmail and qmail support STARTTLS as well, but the
increases in the use of STARTTLS that I am seeing at my SMTP server
coincide with sites switching MTA's to postfix. I see a handful of
qmail sites using TLS, representing a fraction of the postfix sites, and
no sendmail site that I have noticed. Having once considered activating
STARTTLS in sendmail myself, I vividly recall myself reading the
instructions, bursting out laughing, followed by my researching
competitive MTA's. Within a week I had switched to postfix. Wished I had
done so years ago. All these hours that I wasted over those years...)

An interesting side-effect of the increased adoption of MTA's and MUA's
that support STARTTLS is that I now have a link that is secure against
passive eavesdroppers to the majority of those with whom I regularly
correspond in encrypted email. Is protection against only passive
eavesdroppers good enough for me? No. Are we a heck of a lot further
along than we were 5 years ago? I would argue that we are.

Where has all the crypto gone? It has gone mainstream. Some of you may
remember the discussions from years ago how we should try to find a way
to make crypto cool and attractive for the average person.

This afternoon, I installed the "Britney Spears SmartFlash Kit" on my
Windows XP test box. For $29.95 plus shipping and handling, you too can
own a Britney SmartFlash Kit, which includes a USB smartcard reader, a
Gemplus smartcard (both the reader and card are graced with pictures of
Britney), and a CD with Gemplus GemSafe smartcard crypto driver software
(the click-wrap EULA reminds you that export to Cuba, Libya, and other
naughty countries or those developing biological weapons is strictly
prohibited. Sorry pop music fans located in Cuba or at the CDC).

Once you installed the gear and inserted your one of 5 possible Britney
Spears' smartcards (collect all 5), you will automatically be taken to a
client-authenticated, 128-bit RC4 encrypted website that provides you
with exclusive access to such exciting content as 45 second QuickTime
clips of Britney purchasing chocolates and of course Fe's (Britney's
most trusted advisor) indispensable advice column. A representative
sample question follows.

"Dear Fe:
I'm 14 but my parents treat me like I am 10! They won't let me go out at
night, and won't even let me bring a boy to the Homecoming dance. I'm in
high school and want to do all the things that go along with that, but
they won't let me! -- Trying to Grow Up, Americus, GA".

I will spare you Fe's answer (get your own smartcard :), but I won't
spare you this: if you wonder where crypto has gone, you need to look no
further than Americus, GA. If the question posed to Fe leaves any doubt
about the nouveau crypto users' demographics, a drop-down list inquiring
about the user's age to participate in a contest (smartcard required)
should help clarify matters. The age selections offered are: [2-6],
[7-12], [13-15], [16-18], [over 18]. Do not worry should your parents
disapprove of your choice of music. If you hear your parents walk up to
your door, just yank the card out of the reader and your browser will
close instantly.

Crypto has gone as mainstream as can be. While crypto for crypto's sake
may not have become cool to everybody, crypto has become a Must Have for
your average 14 year-old high school freshman girl. Crypto has become

As to when we'll see BlackNet and untraceable Ecash, who knows. Here's
hoping to 2005.

[In the time it took me to write this post, another of the regular
entries in my maillog has turned on STARTTLS, protecting the SMTP
connection with EDH and 3DES].


--- end forwarded text

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at
