From: wcs@anchor.ho.att.com (Bill_Stewart(HOY002)1305)
To: cypherpunks@toad.com
Message Hash: 1ed46de5417dd46a939d39dbd7ec8c11c611c49ab8ef437daacecfe4728edcb1
Message ID: <9308050109.AA01631@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1993-08-05 02:58:22 UTC
Raw Date: Wed, 4 Aug 93 19:58:22 PDT
From: wcs@anchor.ho.att.com (Bill_Stewart(HOY002)1305)
Date: Wed, 4 Aug 93 19:58:22 PDT
To: cypherpunks@toad.com
Subject: Re: InfoWorld Letter
Message-ID: <9308050109.AA01631@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text
Paul Goggin sent the list a copy of Steven Fisher's letter to InfoWorld about
NSA harassment for offering commercial crypto back in 1981.
The NSA is supposedly a bit better behaved these days, at least in public :-),
but it's no surprise. Sometime around then, they slapped patent secrecy
orders on a guy who had designed an analog scrambler for CB radio;
a real crypto-system must have been a much more significant threat to them.
A couple of comments were interesting:
One was the assertion in the letter he received from the BATF that their
product, as munition, could not only not be exported, but could also not
be sold to *multinational companies*. Was that the law then? Or was the
BATF just a bit over-enthusiastic about what they could get away with?
It's also interesting that it was the BATF.
Another was that the NSA asked them to put in a trapdoor. These days,
escrow is the politically correct way of implementing a trapdoor, but -
I wonder if it would be possible to make a trapdoor/weak escrow system,
which escrows the keys for *some* kinds of keys, enough to make the
bureaucrats think it's ok, but which also has a class of keys for which the
escrow is non-effective, bogus, or otherwise doesn't let the cops in,
which could be revealed to users after the system has been approved and sold?
Perhaps a system which requires 2**N steps to retrieve most keys from
escrow, but has a small set that can be gotten quickly for demos?
Could you do a system like that and hide it from the NSA for a while?
Some alternative approaches would be a system that obscured the escrow
(easy to build from clipper if you've got a programmable phone;
you just encrypt the Wiretap Field with your session key),
or worked fine with a bogus Wiretap Field, or a system where the escrow
can be made ineffective administratively (either lost by the escrow agents,
or requiring the participation of the telephone owner, or tampered by the owner)
At the very minimum, having a system that doesn't let the NSA cheat during the
escrow process would be a good start - where each part of the escrow key
is really installed separately, and verifiable hardwarily-random numbers are
used to seed the key generation.
Since the NSA\b\b\bNIST hasn't announced their plans for how to select
escrow agents, much less who they are, or how they *really* plan to set the keys,
I suppose it's premature to ask them to announce what the rules will be
for approval of escrow procedures or agencies or guarantee that if you follow
them, you'll be allowed to export your products? :-)
Bill
Bill Stewart wcs@anchor.ho.att.com +1-908-949-0705 fax-4876
ROT13 public key available upon request
Return to August 1993
Return to “wcs@anchor.ho.att.com (Bill_Stewart(HOY002)1305)”
1993-08-05 (Wed, 4 Aug 93 19:58:22 PDT) - Re: InfoWorld Letter - wcs@anchor.ho.att.com (Bill_Stewart(HOY002)1305)