> Bill misses an important third option, and that is to go to
>one of the many vendors of cryptographic tools who are not based in
>the USA. TIS did a survey, and found nearly 500 selling DES
>or stronger crypto. It's unfortunate that the US government has forced
>good companies like TIS to develop all these silly hacks to protect
>data confidentiality.
>
> TIS's survey can be found at: www.tis.com/crypto/survey.html
It is true that there are vendors who purport to have tools that don't
include a recovery mechanism, and some of these even work as advertised.
We have used this data to try to get the government to modify its posture
on encryption export. They even used some of our info in their official
report, a redacted version of which is on the Department of Commerce web
site, and which was part of the basis for the August 1995 loosening of
export controls.
It is currently not clear that we can LEGALLY expect to be able to use
these solutions with impunity, nor is there any assurance that more than a
few of these vendors really have products, or will be around to deliver or
support them tomorrow. The vast majority of them are woefully
underfunded, and bigger companies are avoiding getting involved either as
suppliers or users without the wholehearted endorsement of various
governments.
Further, the users of a truly globally deployed encryption solution are not
going to be as competent as the few users who exist today. Recovery will
be a necessary feature, particularly with archived files. Even RSA has
acknowledged that their corporate clients have DEMANDED that an escrow
feature be available. Lots of other companies have ad hoc solutions for
escrow/recovery, primarily because there is a demand for it from their
customers. Unfortunately, none of them work in the same way. Now I ask
you: If the marketplace wants recovery, the government demands it in order
to allow encryption to be exported, and TIS has a solution that satisfies
both sides (albeit with less control than the government had in mind), why
wouldn't we all endorse a method that puts the private sector in control,
and has the potential to become an interoperable global standard?
As Steve Walker hypothesized at the RSA conference, no matter which initial
path industry or government takes to enable the deployment of encryption
(unlimited encryption strength without recovery, or limited encrypt

From firewalls-owner Thu Mar 28 17:19:08 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-951222-1) id AAA05034 for firewalls-outgoing; Thu, 28 Mar 1996 00:02:30 -0800 (PST)
Received: from mail.Clark.Net (mail.clark.net [168.143.0.10]) by miles.greatcircle.com (8.7.4/Miles-951221-1) with ESMTP id AAA05022 for <Firewalls@GreatCircle.COM>; Thu, 28 Mar 1996 00:02:24 -0800 (PST)
Received: from clark.net (mjr@clark.net [168.143.0.7]) by mail.Clark.Net (8.7.3/8.6.5) with ESMTP id DAA19606 for <Firewalls@GreatCircle.COM>; Thu, 28 Mar 1996 03:00:26 -0500 (EST)
From: "Marcus J. Ranum" <mjr@clark.net>
Received: (from mjr@localhost) by clark.net (8.7.1/8.7.1) id DAA05238 for Firewalls@GreatCircle.COM; Thu, 28 Mar 1996 03:00:24 -0500 (EST)
Message-Id: <199603280800.DAA05238@clark.net>
Subject: SKE
To: Firewalls@GreatCircle.COM
Date: Thu, 28 Mar 1996 03:00:23 -0500 (EST)
In-Reply-To: <199603270339.TAA11252@miles.greatcircle.com> from "firewalls-digest-owner@GreatCircle.COM" at Mar 26, 96 07:39:59 pm
Reply-To: mjr@v-one.com
Organization: V-One Corporation, Baltimore, MD Office
Phone: 410-889-8569
X-Mailer: ELM [version 2.4 PL24alpha3]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Adam Safier <asafier@explorer.csc.com> writes:
>I think the point of key escrow is for Big Brother to be able to easily Tap
>(i.e. monitor not dance with) computer communications.
Yeah. We all know that. That's why all these bastard sons
of clipper smell the same no matter what they're dressed up in.
It's a shame that US vendors have to play these kinds of games to
ship products that can hope to compete with foreign crypto-based
products. I wish they'd stop telling me it's for my own good.
What a load of hooey.
The price of freedom is eternal vigilance and the price
of entrenched bureaucracy is infinite bullsh**.
mjr.