From sirius.imperium.net!f402.n3666!not-for-mail Fri Aug 16 00:08:14 1996
Path: sirius.imperium.net!f402.n3666!not-for-mail
Newsgroups: fido.i_ufo
Distribution: fido
From: Don Allen 
Date: Tue, 06 Aug 96 20:43:21 -0400
Subject: securing the internet against wiretapping
Message-ID: <839367821@f2.n3618.z1.ftn>
Organization: A bad day at the beach beats a good day at work
X-FTN-CHRS: LATIN-1 2
X-FTN-ORIGCHRS: IBMPC 2
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-FTN-AREA: I_UFO
X-FTN-SPTH: fidonet#1:3618/2 :270/101 :396/1 :3615/50 :3666/401
X-FTN-MSGID: 1:3618/2 3207bc8d
X-FTN-Tearline: FMail/386 1.02
X-FTN-Origin: A bad day at the beach beats a good day at work (1:3618/2)
X-FTN-SEEN-BY: 2216/330 3666/402
X-FTN-PATH: 3666/402
X-FTN-PATH: 2216/330
Lines: 191

* Forwarded from ALT.CONSPIRACY
* Originally By: an366601@anon.penet.fi
* Originally To: All
* Originally Re: securing the internet against wiretapping
* Originally Dated: Saturday August 03 1996 09:47
__________________________________________________________________

Newsgroups:
talk.politics.crypto,alt.politics.org.covert,alt.politics.org.nsa,alt.politics.
datahighway,alt.culture.internet,alt.culture.usenet,alt.cyberspace,alt.society.
anarchy,alt.conspiracy
From: an366601@anon.penet.fi (** CRAM **)
X-Anonymously-To:
talk.politics.crypto,alt.politics.org.covert,alt.politics.org.nsa,alt.politics.
datahighway,alt.culture.internet,alt.culture.usenet,alt.cyberspace,alt.society.
anarchy,alt.conspiracy
Organization: Anonymous forwarding service
Date: Sat,  3 Aug 1996 13:47:36 UTC
Subject: securing the internet against wiretapping
Lines: 161
Xref: news.planetc.com talk.politics.crypto:17307 alt.politics.org.nsa:5496
alt.politics.datahighway:20284 alt.culture.internet:26230
alt.culture.usenet:32609 alt.cyberspace:31081 alt.society.anarchy:39948
alt.conspiracy:199581

X-within-URL: http://www.cygnus.com/~gnu/swan.html                             


            SECURING 5% OF THE INTERNET AGAINST WIRETAPPING IN 1996
                                       
   Support encryption freedom!
   
   My project for 1996 is to secure 5% of the Internet traffic against
   passive wiretapping. If we get 5% this year, we can secure 20% next
   year, against both active and passive attacks; and 80% in 1998. Soon
   the whole Internet will be private and secure. Want to help?
   
   The idea is to deploy boxes that will sit between your local area
   network and the Internet (near your firewall or router) which
   opportunistically encrypt your Internet packets. Whenever you talk to
   a machine (like a Web site) that doesn't support encryption, your
   traffic goes out "in the clear" as usual. Whenever you connect to a
   machine that does support this kind of encryption, this box
   automatically encrypts all your packets, and decrypts the ones that
   come in. In effect, each packet gets put into an "envelope" on one
   side of the net, and removed from the envelope when it reaches its
   destination. This works for all kinds of Internet traffic, including
   Web access, Telnet, FTP, IRC, Usenet, etc.
   
   This wasn't just my idea; lots of people have been working on it for
   years. The encryption protocols for these boxes are called IPSEC (IP
   Security). They have been developed by the IP Security Working Group
   of the Internet Engineering Task Force, and will be a standard part of
   the next major version of the Internet protocols (IPv6). For today's
   (IP version 4) Internet, they are an option. The Internet Architecture
   Board and Internet Engineering Steering Group have taken a strong
   stand that the Internet should use powerful encryption to provide
   security and privacy. I think these protocols are the best chance to
   do that, because they can be deployed very easily, without changing
   your hardware or software or retraining your users. They offer the
   best security we know how to build, using the Triple-DES, RSA, and
   Diffie-Hellman algorithms.
   
   This "opportunistic encryption box" offers the "fax effect". As each
   person installs one for their own use, it becomes more valuable for
   their neighbors to install one too, because there's one more person to
   use it with. The software automatically notices each newly installed
   box, and doesn't require a network administrator to reconfigure it.
   Instead of "virtual private networks" we have a "REAL private
   network"; we add privacy to the real network instead of layering a
   manually-maintained virtual network on top of an insecure Internet.
   
Deployment

   The US government would like to control the deployment of IP Security
   with the crypto export laws. This isn't a problem for my effort,
   because the cryptographic work is happening outside the United States.
   A foreign philanthropist has donated the resources required to add
   these protocols to the Linux operating system. Linux is a complete,
   freely available operating system for IBM PC's and several kinds of
   workstation, which is compatible with Unix. It was written by Linus
   Torvalds, and is still maintained from Finland, by a talented team of
   expert programmers working all over the world and coordinating over
   the Internet. Linux is distributed under the GNU Public License, which
   gives everyone the right to copy it, improve it, give it to their
   friends, sell it commercially, or do just about anything else with it,
   without paying anyone for the privilege.
   
   Organizations that want to secure their network will be able to put
   two Ethernet cards into an IBM PC, install Linux on it from a $10
   CDROM or by downloading it over the net, and plug it in between their
   Ethernet and their Internet link or firewall. That's all they'll have
   to do to encrypt their Internet traffic everywhere outside their own
   local area network.
   
   Travelers will be able to run Linux on their laptops, to secure their
   connection back to their home network (and to everywhere else that
   they connect to, such as customer sites). Anyone who runs Linux on a
   standalone PC will also be able to secure their network connections,
   without changing their application software or how they operate their
   computer from day to day.
   
   There will also be numerous commercially available firewalls that use
   this technology. RSA Data Security is coordinating the S/Wan (Secure
   Wide Area Network) project among more than a dozen vendors who use
   these protocols. There's a compatibility chart that shows which
   vendors have tested their boxes against which other vendors to
   guarantee interoperability.
   
   Eventually this technology will also move into the operating systems
   and networking protocol stacks of major vendors. This will probably
   take longer because those vendors will have to figure out what they
   want to do about the export controls.
   
Current status

   Protocols
          The low-level encrypted packet formats are defined. The system
          for publishing keys and providing secure domain name service is
          defined. There are three competing protocols for session key
          management, and a small team is working to combine them into a
          single protocol.
          
   Linux Implementation
          The Linux implementation of the low-level packets has had about
          a month of work done, and is progressing. Check back here for
          updates as alpha-test versions start to come out.
          
   Domain Name System Security
          The first prototype implementation of Domain Name System
          Security was funded by DARPA as part of their Information
          Survivability program. Trusted Information Systems wrote a
          modified version of BIND, the widely-used Berkeley
          implementation of the Domain Name System, and it is available
          for FTP by US citizens. I am merging the prototype into the
          standard version of BIND. The first alpha-test version that
          supports KEY and SIG records will be available about August 1,
          1996 from the Internet Software Consortium FTP site. It is not
          export-controlled since it does not contain any cryptography.
          Future releases with more and more DNS Security features will
          also appear there through the summer.
          
   
   
Why?

   Because I can. I'm independently wealthy from several successful
   startup companies, so I don't have to work for a living. I spend my
   energies and money creating the kind of world that I'd like to live in
   and that I'd like my (future) kids to live in. Keeping and improving
   on the civil rights we have in the United States, as we move more of
   our lives into cyberspace, is a particular goal of mine.
   
   To offer to help, send me email at gnu@toad.com. I can use people who
   are willing to write documentation, install early releases for
   testing, write cryptographic code outside the United States, and teach
   classes for network administrators who want to install this
   technology.
   
    Misc notes
    
   I've also collected a small bit of information about network
   encryption history and patents.
     _________________________________________________________________
   
   gnu@toad.com, gnu@eff.org, my home page
   Last updated Fri Jul 26 16:01:41 PDT 1996


 \   \   \   \   \   \   \   \   \   |   /   /   /   /   /   /   /   /   /   /
          _______       ________          _____        _____  _____
         ///   \\\      |||   \\\        /// \\\       |||\\\///|||
        |||     ~~      |||   ///       |||   |||      ||| \\// |||
        |||     __      |||~~~\\\       |||~~~|||      |||  ~~  |||
         \\\   ///      |||    \\\      |||   |||      |||      |||
          ~~~~~~~       ~~~     ~~~     ~~~   ~~~      ~~~      ~~~
 /   /   /   /   /   /   /   /   /   |   \   \   \   \   \   \   \   \   \   \

C y b e r s p a t i a l  R e a l i t y  A d v a n c e m e n t  M o v e m e n t


--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi

-+-
 + Origin: Usenet:Anonymous forwarding service (1:363/1572.1)

... "It's not the years, it's the mileage." - Indiana Jones
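
The per-destination decision of the "opportunistic encryption box" described in the forwarded page, as an added example (not code from the original page or from the Linux IPSEC project). The peer table, the keys, the `sig_ok` flag and the refuse-on-unsigned policy are constructed assumptions, and the SHA-256 keystream is a stand-in for a real cipher such as the Triple-DES the page names.

```python
import hashlib
import hmac

# Constructed sample: what a gateway learned from DNS about peer gateways.
# "sig_ok" = the KEY record arrived with a SIG record that verified.
# The keys stand in for session keys already agreed by key management.
PEERS = {
    "192.0.2.10": {"key": b"constructed-key-a", "sig_ok": True},
    "192.0.2.20": {"key": b"constructed-key-b", "sig_ok": False},
}

def _subkey(key, label):
    """Derive separate masking and integrity keys from one session key."""
    return hashlib.sha256(label + key).digest()

def _stream(key, n):
    """Stand-in keystream (SHA-256 over a counter, no nonce); NOT a real cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, packet):
    """Put a packet in an envelope: 32-byte integrity tag + masked packet."""
    ks = _stream(_subkey(key, b"enc"), len(packet))
    body = bytes(a ^ b for a, b in zip(packet, ks))
    return hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest() + body

def open_envelope(key, envelope):
    """Peer side: verify the tag first, then remove the envelope."""
    tag, body = envelope[:32], envelope[32:]
    good = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("envelope was modified in transit")
    ks = _stream(_subkey(key, b"enc"), len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

def send(dst, packet, require_signed=False):
    """Decide per destination what leaves the gateway."""
    peer = PEERS.get(dst)
    if peer is None:
        return ("clear", packet)      # no box at the far end: sent as usual
    if require_signed and not peer["sig_ok"]:
        return ("refused", b"")       # key could have been planted on the path
    return ("sealed", seal(peer["key"], packet))
```

With `require_signed=False` the gateway accepts any published key, which only defeats passive wiretapping; setting it to `True` models the stricter mode needed against active attacks, where a key is used only if its signature verified.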
