From: catalyst-remailer@netcom.com
To: cypherpunks@toad.com
Message Hash: 89e442e30ba7c997e1b90eb1aab97af32db4d9f34ee0ad1c02f639ad5941dc24
Message ID: <199406150520.WAA29391@mail.netcom.com>
Reply To: N/A
UTC Datetime: 1994-06-15 05:20:18 UTC
Raw Date: Tue, 14 Jun 94 22:20:18 PDT
From: catalyst-remailer@netcom.com
Date: Tue, 14 Jun 94 22:20:18 PDT
To: cypherpunks@toad.com
Subject: Re: Cantwell Bill
Message-ID: <199406150520.WAA29391@mail.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
Mr. Gillogly wrote,
>The reason I don't consider your Stunning Revelation an important news
>flash is that it's just one example of the many ways crypto is actually
>exported. For example, PGP 2.6 was overseas within hours of its release.
That was a single ITAR violation. This is thousands.
>A more direct comparison is with DES: NIST has DES code available in
>soft copy in Appendix A of its publication fips181.txt, accessible in
>their public FTP directory with no warnings about export restrictions.
Huh? Who would want to export DES? That wont have any influence on people's
politics. PGP is a hot topic. *It's* export is all that people think about.
>The Cantwell stuff is extremely important for commercial products, but
>for private crypto (e.g. non-profit and non-infringing PGP
>implementations) it simply decriminalizes the existing vigorous export
>activity; rather like decriminalizing the use of marijuana.
The sumex case is like a huge year-long "smoke-in", the sort of thing
that might lead to *legalization* of hemp, if the lay public were aware
of it. "Private crypto" (PGP in all its guises) is becoming a standard,
yet its future development has been and still is being severely crippled
by ITAR worries among many who would otherwise be active core PGP
developers. Cantwell, in my eyes, is about *PGP*. I'm all for commercial
RSA, but unless I can send a friend a free copy of it, the hell with it.
Also remember commercial crypto hardly ever comes with source code!
Colin found a serious bug in PGP2.6 where one character was left out
in the crypto code. I believe it was someone else who pointed this out
to him. Had this happened with ViaCrypt PGP or "Microsoft Encrypt",
would you expect it to be found? How can you *trust* a commercial
crypto routine if the exact and compilable source code is not available?
And if PGP does become a standard, why do you want to pay for it 8-) ?
So you wont have to waste the time looking for backdoors in the source?
P.S. Sorry for the multiple posting, but I figured the remailer I used
was dead, since it was, for a day.
Return to June 1994
Return to “catalyst-remailer@netcom.com”
1994-06-15 (Tue, 14 Jun 94 22:20:18 PDT) - Re: Cantwell Bill - catalyst-remailer@netcom.com