1998-12-19 - [Steve Coya] Harmful changes to Wassenaar Arrangement
Header Data
From: Robert Hettinga <rah@shipwright.com>
To: cypherpunks@cyberpass.net
Message Hash: 7d65bda8548f556b15e3b52d5faa279d2d6367ea3546374497a36ea931c59b66
Message ID: <v04020a5bb2a0a6b3bc4f@[139.167.130.248]>
Reply To: N/A
UTC Datetime: 1998-12-19 01:19:58 UTC
Raw Date: Sat, 19 Dec 1998 09:19:58 +0800
Raw message
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 19 Dec 1998 09:19:58 +0800
To: cypherpunks@cyberpass.net
Subject: [Steve Coya] Harmful changes to Wassenaar Arrangement
Message-ID: <v04020a5bb2a0a6b3bc4f@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain
--- begin forwarded text
To: cryptography@c2.net
Subject: [Steve Coya] Harmful changes to Wassenaar Arrangement
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: 18 Dec 1998 18:51:52 -0500
Lines: 49
Sender: owner-cryptography@c2.net
FYI, from the IETF Secretariat.
Message-Id: <199812182315.SAA10709@ietf.org>
To: IETF-Announce: ;
Subject: Harmful changes to Wassenaar Arrangement
Date: Fri, 18 Dec 1998 18:15:36 -0500
From: Steve Coya <scoya@ns.cnri.reston.va.us>
The IAB and the IESG deplore the recent changes to the Wassenaar
Arrangement (http://www.wassenaar.org) that further limit the
availability of encryption software by including it in the Wassenaar
agreement's list of export controlled software (section 5.A.2.a.1
of the list of dual-use goods, WA LIST 98 (1)). As discussed in
RFC 1984, strong cryptography is essential to the security of the
Internet; restrictions on its use or availability will leave us
with a weak, vulnerable network, endanger the privacy of users and
businesses, and slow the growth of electronic commerce.
The new restrictions will have a particularly deleterious effect
on smaller countries, where there may not be enough of a local
market or local expertise to support the development of indigenous
cryptographic products. But everyone is adversely affected by
this; the Internet is used world-wide, and even sites with access
to strong cryptographic products must be able to talk to those who
do not. This in turn endangers their own security.
We are happy that the key size limit has been raised in some cases
from 40 bits to 64; however, this is still too small to provide
real security. We estimate that after a modest capital investment,
a company or criminal organization could crack a 64-bit cipher in less
than a day for about $2500 per solution. This cost will only drop
in coming years. A report released about three years ago suggested
that 90-bit keys are the minimum for long-term security.
Brian Carpenter (IAB Chair)
Fred Baker (IESG and IETF Chair)
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Thread
Return to December 1998
Return to “Robert Hettinga <rah@shipwright.com>”
1998-12-19 (Sat, 19 Dec 1998 09:19:58 +0800) - [Steve Coya] Harmful changes to Wassenaar Arrangement - Robert Hettinga <rah@shipwright.com>