RE: Suggestion for ESP 3DES MD5 document

[Roy Pereira <rpereira@timestep.com>]

>>Your point is well taken and I will make sure that compression is
>>identified as an option within ESP.

Should we include compression within ESP or should we include it within
its own header?

While the Encapsulating Security Payload "is a mechanism for providing
integrity and confidentiality to IP datagrams", it might not be the
right header to place compression information into.  A separate header,
like the one in [draft-thayer-seccomp-00.txt], might work out better.
ISAKMP or any other KEP could negotiate the available compression
routines (ZLIB, etc..), but the actual decision to compress the packet
would be left for the sender.

A sample packet might look like this:

original: IP { TCP { HTTP { DATA }}}
>new: IP' { COMP { AH, ESP { IP { TCP { HTTP { DATA }}}}}}
>
>

X-Sender: rah@pop.tiac.net
Message-Id: <v03007801ae9d5bdf0f34@[206.119.69.46]>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 30 Oct 1996 15:40:02 -0500
To: FC97 Announcement List <rah@shipwright.com>
From: Robert Hettinga <rah@shipwright.com>
Subject: Financial Cryptography 1997 (FC97): General Announcement
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk


=46inancial Cryptography 1997 (FC97):
The world's first financial cryptography conference, workshop, and exhibitio=
n!

General Announcement


Conference, and Exhibition,
=46ebruary 24-28, 1997

Workshop for Senior Managers and IS Professionals
=46ebruary 17-21, 1997


The Inter-Island Hotel
Anguilla, BWI


The world's  first peer-reviewed conference on financial cryptography,
=46C97, will be held Monday through Friday, February 24-28, 1997, from 8:30a=
m
until 12:30pm, at the Inter-Island Hotel on the Carribbean island of
Anguilla.

In conjunction with the conference, the Inter-Island Hotel will also be the
site of an intensive 40-hour workshop for senior managers and IS
professionals, during the week preceeding the conference (February 17-21),
and an exhibition for financial cryptography vendors, from 10am-6pm during
the week of conference itself.

The goals of the combined conference, workshop, and exhibition are to
provide a peer-reviewed forum for important research in financial
cryptography and the effects it will have on society,  to give senior
managers and IS professionals a solid understanding of the fundamentals of
strong cryptgraphy as applied to financial operations on public networks,
and to showcase the newest products in the field. In addition, plenty of
time has been left open in the afternoon and evening for sponsored
corporate functions and activities, for business networking, and, of
course, for recreational activities on Anguilla itself.

As one of the principals of the conference joked, "We hope that people will
treat the conference and the other activities more as a working vacation,
rather than, er, vacating work."

Conference participants are encouraged to bring their families.



The Conference

Ray Hirschfeld, the conference chair, has picked an outstanding group of
professionals and researchers, in financial cryptography, and in related
fields, to review the papers for this conference.

They are:

Chairman: Rafael Hirschfeld, CWI, Amsterdam, The Netherlands

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA

Some of the names may be recognizable to you. But, if they're not, included
in that list are the inventor of Millicent, the head of EU's CAFE digital
cash project, the holders of Citicorp's digital cash patent, two famous
scholars in cryptography and digital commerce law, the Chair of Eurocrypt
'96, and the Chairman of the Taskforce on the Security of Electronic Money
for the Bank for International Settlements.

If we'd gotten any more talent, we couldn't have had a conference, because
the committee can't review the work of it's own members!

The actual agenda of the conference will be determined by the papers the
program committee selects, so we won't have a final schedule for the
conference until the middle of January. However, the conference committee
is selecting papers in what it considers the union, and not the
intersection, of the fields of finance and cryptography.

Examples of topics it will consider are:

    Anonymous Payments                      Fungibility
    Authentication                          Home Banking
    Communication Security                  Identification
    Conditional Access                      Implementations
    Copyright Protection                    Loss Tolerance
    Credit/Debit Cards                      Loyalty Mechanisms
    Currency Exchange                       Legal Aspects
    Digital Cash                            Micropayments
    Digital Receipts                        Network Payments
    Digital Signatures                      Privacy Issues
    Economic Implications                   Regulatory Issues
    Electronic Funds Transfer               Smart Cards
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability

=46inancial Cryptography '97 is held in cooperation with the
International Association for Cryptologic Research. The conference
proceedings will be published on the web by the Journal for Internet
Banking and Commerce. <http://www.arraydev.com/commerce/JIBC/>.

=46or further information on submitting a paper to the FC97, and other
details about the program of the conference, please see program committee's
web-page at <http://www.cwi.nl/conferences/FC97>.


On the lighter side, the conference will be covered by Wired Magazine, and
will be the featured conference in it's January 1997, (ahem...) "Deductible
Junkets" section. So, you might want to register, and make your plane and
hotel reservations, before the rush begins...

The price of a pass to the conference sessions and exhibits is $1,000 U.S.

(Since we're on Anguilla, and there are no taxes of any kind, we thought
we'd keep prices in nice round numbers, just to make things interesting.
:-).)

The price includes breakfast at the conference, some stipends for
presenters who need them, and the logistics of having a professional
conference with high-bandwidth internet connectivity in a location like
Anguilla. In looking around, however, the conference organizers *did*
notice that FC97 price is in keeping with other business and professional
technology conferences of similar total session length, so everything seems
to work out. The market *is* efficient, after all.

You can register, and pay for, your conference ticket at:

<http://www.offshore.com.ai/fc97/>



The Exhibition

Concurrent with the conference will be the the FC97 Exhibition, a small
trade show for financial cryptography products and services. Each booth
will have high bandwidth access to the internet (yes, there *are* T1s in
Anguilla), and will get 2 conference passes. Booth prices start at $5,000
US. Please contact Julie Rackliffe at <mailto: rackliffe@tcm.org> for
further information . As space is limited, please register as soon as
possible if you plan to be there.



The Workshop

We are especially honored to have Ian Goldberg as the leader of the FC97
Workshop, which will run one week prior to the conference, February 17-21,
1997.

Ian, the cryptographer at Berkeley who was made famous last year (in
articles in both the Wall Street Journal and the New York Times) for
breaking Netscape's transaction security protocols, will be running an
intensive, 5-day workshop for senior managers and technology professionals.

While the workshop is still being developed, and will depend on the skills
of the planned participants, workshop topics will include, but not be
limited to:

The Internet (depending on the background of the participants)
Overview and background of cryptography
Survey of existing and proposed Internet payment systems
Details on some specific payment systems
Issues involved in setting up a secure Internet site

And, depending on whether Ian finishes coding it (it looks likely), a
step-by-step walkthrough of setting up an ecash-enabled Web server.

Ian has recruited strong roster of instructors with credentials similar to
his own, and, as he plans to maintain a 5-1 student/teacher ratio, the size
of the workshop will be restricted and 2 months advance registration well
be required.

=46urther information about the workshop can be found at:

<http://www.cs.berkeley.edu/~iang/fc97/workshop.html>

The planned price for the workshop is $5,000. This covers lab space,
hardware, network access, software, and, of course, 40 hours of instruction
and structured lab activity. The lab itself will be open 24 hours a day, if
demand warrants it.

Sponsorship Opportunities

=46C97 offers many exciting sponsorship opportunities at all levels.
Corporations are encouraged to to be an exclusive sponsor for lunch or
dinner, each of which will be followed by a recreational activity of some
kind. Sponsors will have the opportunity to permanently attach their name
to these important networking functions, which the organizers hope will be
a large part of the conference experience. There are 10 such events being
planned, and 10 corporations will be accepted for sponsorship. Corporate
sponsors of these events will also get a substantial initial discount on
exhibit space, and complementary conference tickets.

In-kind sponsorship is available at all levels of support, with
opportunities for companies to provide networking, bandwidth, hardware,
radio pocket modems and equipment, as well as design and print services,
transportation, entertainment, catering, sunscreen and, well, if you've got
it and you think we'll need it, let us know about it -- we probably do.

Please contact Julie Rackliffe at <mailto: rackliffe@tcm.org> for further
sponsorship information.



Air Transportation and Hotels

Air travel to Anguilla is typically done through either St. Thomas for US
flights, or St. Maarten/Martin for flights from Europe. Several non-stop
flights a day from various US and European locations can be made to either
destination. Connection through to Anguilla can be made through American
Eagle, or through LIAT. See your travel agent for details. American Eagle
Airlines has agreed to increase their flights as needed to accomodate any
extra traffic the conference brings to the island.

Anguilla's runway is 3600 feet, with a displaced threshold of 600 feet, and
can accomodate business jets. Obviously, you should talk to your own FBO
for details about your own aircraft's capabilities in this regard.

Anguilla import duties are not imposed on hardware or software which will
leave the island again, so, as long as you take it with you when you leave
you won't pay taxes for leaving it there.

Hotels range from spartan to luxurious, and more information about hotels
on Anquilla can be obtained from your travel agent, or at
<http://offshore.com.ai/>.



Why Anguilla?

We picked Anguilla for two reasons, both of them mildly political. The
first is, of course, the US ITARs, which classify cryptography as a
"munition" and restrict it's export. Thus, every effort will be made to
highlight the absurdity of these regulations through the use of foriegn
software, "leaked" software, and, of course, where necessary, US-exportable
"crippleware", in the networking and server software of the conference and
workshop. Of course, the conference content itself is not a violation of
the ITARs, as the "munitions" being exported are in the heads of the
attendees, or on paper, and thus not (typically!) subject to the US ITARs.
Consider it a mild tweak on the nose of the Clinton Administration, in an
era of 56-bit exportable keysize maxima.

The other mildly political reason is that Anguilla is a tax haven. There
are no taxes except import duties. None. No income, capital gains, sales,
excise, or property taxes -- none. Anguilla's banking secrecy laws are about
the finest there are anywhere.

This is important to the organizers of the conference because most of the
other proposed regulations of financial cryptography, particularly those of
"token", or "note" based systems, are because they enable cash settlement,
even perfectly anonymous cash settlement, of transactions of practically
any size. Economic reality is not optional; if, in fact, the significantly
reduced cost of these technologies make auditable "book-entry" transaction
settlement obsolete, then there isn't much that the taxation or
law-enforcement authorities of the world's nation-states can do about it.
We consider countries like Anguilla an existance proof of the concept. Any
attempt to restrict these technologies will only backfire on nations
attempting to do so. Nation-states will simply have to develop taxation and
law enforcement methods other than auditing book-entries. In fact, most
central bankers and financial crime enforcement professionals who
understand the technology also realize this, so, of course, our point is
only *mildly* political, at this stage of the argument, anyway.

Of course, the fact that Anguilla's average daytime temperature in February
is in the low 80's farenheit, and that of, say, Boston, is in the low 20's,
and the fact that cyclonic storms are in the *other* hemisphere that time
of year, has *nothing*, we say, *nothing* to do with our decision to hold a
conference there. We're simply shocked you would suggest such a thing.
Neither, for that matter, does the fact that the average water visibility
on Anguilla's coral reefs can be measured in hundreds of feet (if you can
see that far for the blinding riot of color, that is...).



Registration for FC97

Again, if you're interested in coming to FC97 see:

<http://www.offshore.com.ai/fc97/>

=46or information on presenting papers at FC97 see:

<http://www.cwi.nl/conferences/FC97>

If you're interested in Exhibit space, please contact Julie Rackliffe:

<mailto:rackliffe@tcm.org>

If you're interested in sponsoring FC97, also contact Julie Rackliffe:

<mailto:rackliffe@tcm.org>

If you're interested in the FC97 Workshop for Senior Managers and IS
Professionals, see:

<http://www.cs.berkeley.edu/~iang/fc97/workshop.html>



See you in Anguilla!

The FC97 Organizing Committee

Vince Cate and Bob Hettinga, General Chairs
Ray Hirschfeld, Conference Chair
Ian Goldberg, Workshop Chair
Julie Rackliffe, Conference, Exhibit, and Sponsorship Manager










-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/