From: Harry Shapiro <habs@Panix.Com>
Date: Sun, 18 Apr 93 06:22:00 PDT
To: cypherpunks@toad.com
Subject: Mitch on the Clipper Mailing list
Message-ID: <199304181319.AA29552@sun.Panix.Com>
MIME-Version: 1.0
Content-Type: text/plain


I had asked Mitch to repost any communications that
have gone over this list. He has.

I appreciate his willing to clear up this issue.

As I have stated before, I believe him, that NIST simply
created this list of people they wanted to be in direct
contact with.

/harry


a conscious being, Mitchell Kapor wrote:
> From mkapor@eff.org Sun Apr 18 00:58:00 1993
> Message-Id: <199304181257.AA06031@eff.org>
> Date: Sun, 18 Apr 1993 08:58:00 -0800
> To: habs@Panix.Com
> From: Mitchell Kapor <mkapor@eff.org>
> Subject: Re: The mysterious mailing list
> 
> I received the statement of the Press Secretary and the public fact sheet
> from Ed Roback.  I have not repoduced the full text as it is readily
> available elsewhere.
> 
> Following this is a thread between Gerano Cannoni and Martin Hellman.  I
> have deleted the text of Marty's longest response, as it is being
> circulated elsewhere.

> Last, there is a single message from A. Pagett Patterson.

> And that's it (assuming I haven't missed something in reviewing my
mail stream).

> Feel free to re-post this, put in on an FTP, whatever.  I don't have any
> more time to deal with this issue.
> 
> Date: Fri, 16 Apr 93 11:02:59 EDT
> From: Ed Roback <roback@first.org>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 11:02:59 EDT
> To: clipper@csrc.ncsl.nist.gov
> Subject: text of White House announcement and Q&As on clipper chip encryption
> 
> Note:  This file will also be available via anonymous file
> transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and
> via the NIST Computer Security BBS at 301-948-5717.
>      ---------------------------------------------------
> 
>                          THE WHITE HOUSE
> 
>                   Office of the Press Secretary
> 
> _________________________________________________________________
> 
> For Immediate Release                           April 16, 1993
> 
> 
>                 STATEMENT BY THE PRESS SECRETARY
> 
> 
> The President today announced a new initiative that will bring
> the Federal Government together with industry in a voluntary
> program to improve the security and privacy of telephone
> communications while meeting the legitimate needs of law
> enforcement.
> ...
> 
> Date: Fri, 16 Apr 93 16:44:10 EDT
> From: Ed Roback <roback@first.org>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 16:44:10 EDT
> To: clipper@csrc.ncsl.nist.gov
> Subject: White House Public Encryption Management Fact Sheet
> 
> 
> 
> Note:     The following was released by the White House today in
>           conjunction with the announcement of the Clipper Chip
>           encryption technology.
> 
>                            FACT SHEET
> 
>                   PUBLIC ENCRYPTION MANAGEMENT
> 
> The President has approved a directive on "Public Encryption
> Management."  The directive provides for the following:
> ...
> 
> Posted-Date: Sat, 17 Apr 93 01:26:06 +0200
> From: caronni@nessie.cs.id.ethz.ch (Germano Caronni)
> Date: Sat, 17 Apr 93 01:26:06 +0200
> To: clipper@csrc.ncsl.nist.gov
> Subject: Clipper-Chip Escrow-System Flaws
> Newsgroups:
> alt.privacy,sci.crypt,alt.security,comp.security.misc,comp.org.eff.talk
> Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
> Cc: 
> 
> 
> Good day,
> as a non-citizien of USA I have read your announcment of the
> 'Clipper-Chip' with great interest, and am happy to see a increase
> in lawful privacy in the USA. I hope this policy will extend to
> other countries too.
> In the meantime I suspect two flaws in the 'Clipper-Chip' as it was
> announced today via NIST/electronic media.
> 
> 1) Keeping secret the algorithm which performs encryption is in my
>    humble opinion a bad idea. It hinders 'Clipper' to get publicly
>    accepted, and hinders the minute examination of the Clipper-
>    Algorithm by other then a few experts.
>    But I am sure this was well considered.
> 
> Now the important suggestion :=)
> 
> 2) By splitting the 80-Bit-Key of clipper in two parts, and give
>    them to different organizations, you add an uneeded WEAKNESS
>    to the escrow-system. This way, corruption of one escrow will
>    allow an easier attack on the Key than might be possible.
>    (e.g. if I obtain 40 bits of possible 80 bits keys, exhaustive
>     keysearch is definitively no problem.)
>    You might instead generate 2 (or even more, if this ist not
>    politically indesired) 80-Bit-Sequences which, when XOR-ed
>    together will provide the original, needed key, but alone they
>    are worthless. I am sure persons with knowledge in this area, which
>    surely can be found at NIST (or wherever) will agree.
> 
> I hope that this remark is of interest for you.
> 
> Friendly greetings,
> 
> 	Germano Caronni
> 
> 
> P.S.
> I am sure you have remarked, that the current policy is interpretable
> to tend toward an abolition of 'unbreakable' secure communication
> via electronic Media, and hope that this will _not_ come true.
> 
> Disclaimer: This mail is in now way whatsoever connected to the Swiss 
> Federal Inst. of Technology, but expresses my personal thoughts.
> 
> 
> 
> 
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 22:32:14 PDT
> Date: Fri, 16 Apr 93 22:32:14 PDT
> From: "Martin Hellman" <hellman@isl.stanford.edu>
> To: caronni@nessie.cs.id.ethz.ch, clipper@csrc.ncsl.nist.gov
> Subject: Re:  Clipper-Chip Escrow-System Flaws
> 
> I received your message suggesting:
> 
> 2) By splitting the 80-Bit-Key of clipper in two parts, and give
>    them to different organizations, you add an uneeded WEAKNESS
>    to the escrow-system. This way, corruption of one escrow will
>    allow an easier attack on the Key than might be possible.
>    (e.g. if I obtain 40 bits of possible 80 bits keys, exhaustive
>     keysearch is definitively no problem.)
>    You might instead generate 2 (or even more, if this ist not
>    politically indesired) 80-Bit-Sequences which, when XOR-ed
>    together will provide the original, needed key, but alone they
>    are worthless. 
> 
> In a conversation with NSA today, I was told
> that two random 80-bit numbers will be XORed to produce
> the 80-bit key and the two individual numbers kept by
> two separate escrow authorities  -- who they are is
> to be decided. So your suggestion is, in fact, how it
> will be handled.
> 
> martin hellman
> 
> Disclaimer: this in no way should be interpreted to mean
> that I approve of the Clipper Chip. While I am still in the
> process of learning more about it, my immediate reaction
> was not positive. More later.
> 
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 23:05:23 PDT
> Date: Sat, 17 Apr 93 23:05:23 PDT
> From: "Martin Hellman" <hellman@isl.stanford.edu>
> To: ...clipper@csrc.ncsl.nist.gov...
> Subject: Clipper Chip
> 
> 
> Most of you have seen the announcement in Friday's NY Times,
> etc. about NIST (National Institute of Standards & Technology)
> announcing the "Clipper Chip" crypto device. Several messges
> on the net have asked for more technical details, and some have
> been laboring under understandable misunderstandings given
> the lack of details in the news  articles. So here to help out
> is your friendly NSA link: me. I was somewhat surprised Friday
> to get a call from the Agency which supplied many of the missing
> details. I was told the info was public, so here it is (the cc of this
> to Dennis Branstad at NIST is mostly as a double check on my
> facts since I assume he is aware of all this; please let me know
> if I have anything wrong):
> 
> ...
> 
> 
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 08:55:31 -0400
> Date: Sat, 17 Apr 93 08:55:31 -0400
> From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
> To: "clipper@csrc.ncsl.nist.gov"@uvs1.dnet.mmc.com
> Subject: Panel
> 
> I would like to be considered for the "outside panel" assessing the 
> Clipper Technology.
> 						A. Padgett Peterson, P.E.
> 
> 
> 


-- 
Harry Shapiro  				      habs@panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991