m-o-o-t

FAQ

Who are m-o-o-t? An informal group of (mostly) civil libertarians who include cryptographers and programmers. We aren't exactly secret, but some of us don't want to be identified. Some of us are very good at not being identified, and I don't know who you are! Also anyone who wants to help. We are negotiating with some people who run servers and want to run data havens, but they are not properly part of m-o-o-t.

When? The day the Home Office "commences" Pt.3 of RIPA. At present it looks like this will happen this autumn (2002) but the HO still say on their website that it will happen "in the second half of 2001" despite the recent announcement about publishing a Draft Code of Practice this June (that's one step the HO must go through before finally presenting a Commencement Order to Parliament).

Why not PGP etc.? The standard implementations of PGP and almost all other security programs are almost totally insecure against the threat of demands for keys. They weren't designed that way, probably beacuse the designers thought it could never happen.

There are other individuals and groups working on similar projects, but we think m-o-o-t is the best, most secure and most widely usable. StegFS, Rubberhose, and even the latest version of Bestcrypt can all hide even the existence of encrypted files, and for messaging the simplest solution is just to change keys often, keeping a long-term key to authenticate the short-term keys. m-o-o-t just puts the best of this sort of technology into a form that is easy for the average user, and includes some extra security goodies.

Which computers will m-o-o-t run on? Most PC's and New World Mac's

How much will m-o-o-t cost? m-o-o-t will be free for users, except for CD costs, and users can freely burn copies for their friends. at the moment we do nat accept donations, and I don't expect that situation will change.

If havens charge users then there will be a fee, but if they don't they can use the server software free. Note this only applies to mailservers, data servers don't need any special software. This fee is meant to help pay for the development of m-o-o-t 2, which should include traffic anonymity without having to trust the servers. Mailservers will benefit mostly from this - they will probably have to charge users for m-o-o-t 2, as the service will be expensive to run, so we're just making them pay a bit in advance.

Won't governments get annoyed and just change the laws? They probably will get annoyed, but I couldn't write a law that would be effective, and I very much doubt that they (or anyone else) could. The technology m-o-o-t uses is well-known, and even the code implementations are largely existing, previously peer-reviewed code.

Where did the name come from? moot -
noun: a meeting
adjective: both relevant and irrelevant, both spoken and silent

Why so complicated? m-o-o-t is for everybody, not just geeks, and we wanted to make it as secure as we would like it to be. The design is not really complicated, just a lot of work, and it will be very simple to use. We want lots of people to actually use it so it has to be used on normal everyday computers, and they have a habit of copying data to temporary files - thus the special operating system and the need for a dedicated suite of programs, which also makes the life of any trojans hard: we want it to be a break with previous insecure systems so it has to be incompatible with them: we want to discourage insecure implementations, thus the need to have a single CD distribution.

What problems do you forsee? Some problems with winmodem drivers, getting it all done.

What's the deal with signatures? There is an exemption for signature-only keys in RIPA, although it's not terribly clear in the cases we want to use it for. We will use a signature key to authenticate eg requests for access to servers, messages and message keys, and suchlike.

Are all these laws part of a FBI plot? I doubt it, but the rumour is not totally without foundation. It does seem that the FBI is at least involved in all of them.

How come are governments are making stupid laws that are so easy to circumvent? I guess governments don't know enough cryptography, but why the opinions of spy-type cryptographers have been ignored is a mystery. Maybe they aren't very good cryptographers - unlikely, they'd have to be terrible - maybe they have quantum computers and can crack any code, maybe they are running a bluff, maybe governments are just not listening. Who knows? I'd bet on wilful deafness. GCHQ and NSA don't seem to be involved much...


main page