News and commentary from the cross-platform scripting community.
Mail Starting 9/29/97
Privacy and security are an issue over in Europe as much as they are in the US. Some governments have restrictions (import, export of technology and key escrow) some have not. The security business is a very fragmented market and state-of-the-art solutions are available in most countries.
From: jaggi@pingnet.ch (Christoph Jaggi);
Sent at 9/29/97; 7:24:34 PM;
Subject: Privacy;
One of the cool security and privacy companies is r3 (http://www.r3.ch) which helped PGP get its security. They helped to create the IDEA algorithm.
As someone who's been reading DaveNet ever since you had a write-up in WIRED, I'd like to make a suggestion for your three-year anniversary piece. How about re-visiting the concept of Namaste?
From: zooropa@enteract.com (Michael E. Rubin);
Sent at 9/29/97; 11:31:10 AM;
Subject: Suggestion for DaveNet;
The concept first surfaced in one of your DaveNets where you talked about the concept of Flow. I now quote it in my .sigfile, but you wrote that namaste was a "Buddhist concept that roughly translates to 'The divinity in my being acknowledges the divinity in yours.'" Isn't that a wonderful phrase? It conveys respect, but also much more than that. It implies an acknowledgment that the other person is something more than just a customer, client, or number.
We're working in a business filled with a lot of wonderful people, but also a lot of shmecktory people (as my Yiddish grandpa would say). If people would at least give each other the acknowledgment of respect - to agree, disagree, argue, or assent - then I think we'd be sharing a lot more with each.
You are absolutely right that this is a critical issue, and we need to make sure that everyone in the world has the right to truly private electronic communications.
From: tlundeen@lundeen.com (tim lundeen);
Sent at 9/29/97; 11:12:11 AM;
Subject: Re: Bill Gates on Privacy;
The laws pending before Congress would severely curtail the rights of U.S. citizens to secure communications. The existing encryption export laws hurt the competitiveness of U.S. companies without any benefit -- the stuff we can't sell is freely available outside the U.S.
Let's replace both pending and existing law with a new official U.S. policy, and laws, that say "secure electronic communication is a basic right of every individual in the world". Remove the constraints on U.S. software vendors, and let them help find the best way to accomplish this.
As "Bill" points out, criminals can just encrypt and then send securely, regardless of the law. So it is only law-abiding citizens who are being hurt, and will be further damaged by proposed new laws.
I'll do what I can to help!
Thanks for the work on privacy, it's important.
From: ethan+@pitt.edu (Ethan Benatan);
Sent at 9/29/97; 3:18:51 PM;
Subject: Re: Bill Gates on Privacy;
The problem with yanking a key is that taking it off the server doesn't do anything useful - you have to actually revoke it by issuing a KRC. Remember, anyone who has your key can upload it, so yanking it once won't do any good, it'll just keep coming back.
The KRC says to the keyservers "never use this key". You can get PGP to issue one, then upload it. Thereafter users who go for your key will find only the one you want. The KRC will propagate.
I think the confusing part of the FAQ is the bit about sending mail to yank a key if you've lost access to your secret ring... that doesn't apply.
I have started to use PGP regularly in my business (high-end residential real estate brokerage), mostly because my clients are pretty iffy about security in general. I've always operated on the "hide in plain sight" plan as far as net stuff goes...better known as the "who could possibly care about me, considering..." However, billg made good points and so did you, regarding company sales. Your newsletter & musings make my day when they show up. I can't believe it took me until just a few months ago to start getting your newsletter. (Probably Mac scorn...my last Apple was a IIe...it's taken me until this year to realize how important Apple is to me, even if I never touch one.)
From: squire@lakeunion.com (Richard K. Worthington);
Sent at 9/29/97; 12:27:02 PM;
Subject: Your PGP sig;
It was great to see your article about privacy on DaveNet today. I found your public key on the PGP keyserver. If you could publicly post your key fingerprint (which should be 7D9C C53D 9F4D 16EB F282 A127 F2EB 2D87 C66D 7D11 if the key on the keyserver is yours), people can double check that the key they download is really the key you really use.
From: woodie@indy.net (Ryan Dumperth);
Sent at 9/29/97; 3:39:41 PM;
Subject: PGP;
I just finished Applied Cryptography by Bruce Schneier yesterday ($40 at amazon.com). After reading that book one might easily participate and understand most any conversation concerning digital privacy and authentication. I consider it to be a Very Good Thing that you are highlighting cryptography and privacy. Encryption is the *only* thing that can preserve privacy and trust on the internet. No other mechanism is up to the task.
Everyone travels in tight little circles, and it is not uncommon to find yourself and your close friends in an infinite loop as far as interests are concerned. To have someone with a public forum introduce the scripting/content creation circle to the cryptography/privacy circle will serve only to enrich both. Although if you regularly get email from Bill Gates, your circles may be a bit more interesting than mine, even without the cross-pollination. :-)
Thank you for your interest, and for your desire to share it with others. It will most certainly have a positive impact.
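An added example, not part of the original mail: the check suggested in the "Your PGP sig" message above, comparing a downloaded key against a published fingerprint. It assumes a version 4 key, whose 160-bit fingerprint is the SHA-1 hash defined in RFC 4880 section 12.2; the key packet body is constructed sample data rather than a real key, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# Fingerprint quoted in the message above.
PUBLISHED = "7D9C C53D 9F4D 16EB F282 A127 F2EB 2D87 C66D 7D11"

# Constructed public-key packet body (version 4, timestamp, algorithm 17 = DSA,
# then filler bytes standing in for the key material). Not a real key.
SAMPLE_KEY_BODY = b"\x04" + struct.pack(">I", 875491200) + b"\x11" + bytes(range(64))

def v4_fingerprint(key_body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte big-endian length, and the key packet body."""
    header = b"\x99" + struct.pack(">H", len(key_body))
    return hashlib.sha1(header + key_body).hexdigest().upper()

def normalize(fingerprint: str) -> str:
    """Strip whitespace and case so differently formatted copies compare equal."""
    digits = "".join(fingerprint.split()).upper()
    if len(digits) != 40 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("expected 40 hex digits (160-bit fingerprint)")
    return digits

def grouped(fingerprint: str) -> str:
    """Format as ten groups of four digits, the layout used in the message."""
    digits = normalize(fingerprint)
    return " ".join(digits[i:i + 4] for i in range(0, 40, 4))

def fingerprint_matches(key_body: bytes, published: str) -> bool:
    """Compare the whole fingerprint, never just a short key ID or the first groups."""
    return hmac.compare_digest(v4_fingerprint(key_body), normalize(published))

if __name__ == "__main__":
    mine = grouped(v4_fingerprint(SAMPLE_KEY_BODY))
    print("computed :", mine)
    print("matches own fingerprint       :", fingerprint_matches(SAMPLE_KEY_BODY, mine.lower()))
    print("matches fingerprint in message:", fingerprint_matches(SAMPLE_KEY_BODY, PUBLISHED))
```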
I think the key words in the NetObjects quote are
From: main@Xpress.ab.ca (Jim);
Sent at 9/29/97; 3:53:11 PM;
Subject: NetObjects capitalism;
"-- and capitalize on --"
given that, they aren't full of it, although they certainly weren't the first to recognize "the roles different people play blahblah blah".
When will Userland be shipping anything in non-beta form that has a featureset comparable to what TeamFusion will offer? Will it be before TeamFusion ships?
I think that Vignette StoryServer was probably the first shipping "really cool" multi-user content system, so I'm sure they will have something to say about NetObjects' claims.
Glad to see you're interested in privacy. My suggestion: buy a copy of PGP. Support Phil Zimmermann. The guy's a hero--he deserves the support.
From: logullo@apple.com (Jeff Logullo);
Sent at 9/29/97; 4:04:41 PM;
Subject: Re: Bill Gates on Privacy;
There's a great analogy in the docs from Phil. Privacy isn't mentioned in the Constitution because it was always an assumed right. We want privacy? We go out behind the barn and whisper. Read Phil's docs--there's a lot of stuff you'll want to write about, I'm sure.
Two notes on privacy:
From: dano@cadence.com (Dan O'Neill);
Sent at 9/29/97; 1:39:11 PM;
Subject: Re: Bill Gates on Privacy;
1. I believe the constitution guarantees the right of freedom of "speech" and freedom of "press". I believe this narrow interpretation was used by the government and the supreme court in the early years of this century to create the FCC. The FCC in turn controls the content and distribution of broadcast media, radio and television. Neither radio nor television really qualify under the first amendment, if interpreted as "press = printed text" and "speech = guy on a soapbox in the park". Is our government afraid of unrestricted, large distribution/broadcast of information? Perhaps.
2. I believe SunSoft did something clever recently. They had a European division create software with strong-encryption and they sell that product to the rest of the world.... including the US as the IMPORT of strong cryptography isn't restricted. I wish I could find this article, it's on www.sun.com somewhere.
Dan
You need to issue a key revocation certificate, which requires having the secret key on hand. If you do not have the secret key for that key, it can never be revoked or removed.
From: pudge@pobox.com;
Sent at 9/29/97; 4:31:01 PM;
Subject: Scripting News (Remove Key);
You actually CANNOT EVER remove a key from a keyserver, really. You issue a KRC and then submit that to the keyserver. The key is revoked, but is still present on the server; people who see the key will know it is revoked.
How to issue a KRC is dependent on your software. I am not sure how with PGP 5.0. With MacPGP 2.6.3 and most lower versions I've used, you can just select the proper menu item from the Keys menu.
One or two of my old keys is revoked. Nifty.
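An added example, not part of the original mail: a small model of why a submitted KRC sticks while a deleted key comes back, as the messages above describe. In OpenPGP terms a KRC is a signature packet of type 0x20; the sketch handles only old-format, definite-length packet headers, models the keyserver merge as a simple packet union, does not verify signatures, and uses constructed packets and illustrative function names.

```python
REVOCATION_SIG = 0x20  # signature type "key revocation" (RFC 4880, section 5.2.1)

def packets(data: bytes):
    """Yield (tag, body, raw) for each old-format, definite-length OpenPGP packet."""
    i = 0
    while i < len(data):
        start, ctb = i, data[i]
        if ctb & 0xC0 != 0x80:
            raise ValueError("only old-format packet headers are handled here")
        tag, n = (ctb >> 2) & 0x0F, 1 << (ctb & 3)   # n = size of the length field
        if n == 8:
            raise ValueError("indeterminate-length packets are not handled here")
        length = int.from_bytes(data[i + 1:i + 1 + n], "big")
        i += 1 + n + length
        if i > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i - length:i], data[start:i]

def is_marked_revoked(keyring: bytes) -> bool:
    """True if a signature packet (tag 2) carries the key-revocation type.
    The signature is NOT verified here; a real client checks it against the key."""
    for tag, body, _ in packets(keyring):
        if tag == 2 and len(body) >= 3:
            sig_type = body[1] if body[0] == 4 else body[2]   # v4 vs. v2/v3 layout
            if sig_type == REVOCATION_SIG:
                return True
    return False

def merge(stored: bytes, upload: bytes) -> bytes:
    """Model a keyserver merge as a packet union: nothing already stored is dropped."""
    seen = {}
    for _, _, raw in list(packets(stored)) + list(packets(upload)):
        seen.setdefault(raw, None)   # dict preserves first-seen order
    return b"".join(seen)

def old_packet(tag: int, body: bytes) -> bytes:
    """Build an old-format packet with a 1-byte length (constructed samples only)."""
    return bytes([0x80 | tag << 2, len(body)]) + body

# Constructed sample data, not real key material.
KEY = old_packet(6, b"\x04" + bytes(4) + b"\x11" + b"constructed key material")
UID = old_packet(13, b"Example User <user@example.invalid>")
KRC = old_packet(2, bytes([4, REVOCATION_SIG, 17, 2]) + b"constructed signature")

if __name__ == "__main__":
    server = merge(KEY + UID, KEY + UID + KRC)   # owner uploads the KRC
    server = merge(server, KEY + UID)            # someone re-uploads the old copy
    print("revoked on server:", is_marked_revoked(server))
```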
The best support for scripting PGP is, by far, MacPGP 2.6.3. PGP 5.0 has virtually no scripting support. I have complained numerous times, to no avail. I can only hope they figure out that it is necessary for scripting support to exist if they want a lot of people to use the thing.
From: pudge@pobox.com;
Sent at 9/29/97; 4:31:28 PM;
Subject: PGP Scripting;
I have a complete MacPerl module which controls MacPGP 2.6.3 via Apple Events (http://pudge.net/macperl/macpgp/). More info about MacPGP scripting is there, as well as a link to 2.6.3. The module needs some updating when I get the time, as it was my first foray into Apple Events from MacPerl. But it does the job nicely.