1996-05-31 - Re: NRC Cryptography Report:

Header Data

From: frantz@netcom.com (Bill Frantz)
To: cypherpunks@toad.com
Message Hash: 411b1a5405a50a00f9c2acbd8b6c27f142fbd001e9813727c2b6bc60a7dd9504
Message ID: <199605310619.XAA02330@netcom7.netcom.com>
Reply To: N/A
UTC Datetime: 1996-05-31 11:45:01 UTC
Raw Date: Fri, 31 May 1996 19:45:01 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Fri, 31 May 1996 19:45:01 +0800
To: cypherpunks@toad.com
Subject: Re: NRC Cryptography Report:
Message-ID: <199605310619.XAA02330@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Some dumb questions from a citizen.

Note: Recommendation summaries are from "Fight-Censorship Dispatch #11:
Landmark Crypto Study Released", posted by Declan McCullagh
<declan@eff.org>.  Thanks Declan.

>Recommendation 4:  Export controls on cryptography should be
>progressively relaxed but not eliminated.
>
>        4.1 -- Products providing confidentiality at a level that
>        meets most general commercial requirements should be easily
>        exportable.  Today, products with encryption capabilities that
>        incorporate 56-bit DES provide this level of confidentiality
>        and should be easily exportable.

How do you reconcile this recommendation with the recommendation of the
Cryptography experts group that data which needs to be kept secret for 20
years should be protected by at least 90 bit keys?

The current export restrictions inhibit using strong crypto domestically. 
How do this recomendation free domestic crypto for commercial development? 
Another way of asking is, how can strong crypto be distributed in the US so
as to preclude prosecution for exporting it?  How do future export controls
affect software posted to FTP/web sites?

>
>        5.3 -- To better understand how escrowed encryption might
>        operate, the U.S. government should explore escrowed
>        encryption for its own uses.  To address the critical
>        international dimensions of escrowed communications, the U.S.
>        government should work with other nations on this topic.

How do government experiments with key recovery systems help us learn about
their vulnerablities to human level attacks, e.g. bribery?  How much
negotiable value will these government systems carry?

How will GAKed systems protect US business from spying by foreign
governments?  France is rumored to be particularly active in commercial
spying, and will want access to all keys used in France.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA







Thread