From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 8 Sep 95 00:00:48 PDT
To: trei@process.com
Subject: Re: Notes from NIS&T Key Escrow Export conference.
Message-ID: <199509080700.AAA23137@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM 9/7/95 -6, Peter Trei wrote:
>"If keys are escrowed, what purpose does a 64 bit limit serve?"
A 64 bit limit serves lots of purposes, like letting the NSA crack stuff;
I suspect escrow is being used as an excuse to get big vendors to
standardize on wimpy 64-bit crypto as much as anything else.


>Secondarily, I observe that this apparently precludes the use of OTP.

Not to the devious (though the devious may not be able to get export approval)
After all, you could escrow a _lot_ of 32-bit OTPs :-)

(yeah, I know, the requirement that you identify which escrowed key is being
used makes that less than useful, unless the final standard comes out with
clear, unambiguous language which fails to cover all cases and can
therefore be abused - that's one problem with the current "ask the NSA" rule.)
#---
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---