From: wcs@anchor.ho.att.com
Date: Mon, 13 Feb 95 18:53:11 PST
To: cypherpunks@toad.com
Subject: Re: CDT POLICY POST No.2 -- X9 TO DEVELOP TRIPLE-DES STANDARDS
Message-ID: <9502140251.AA28439@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Yahoo!

> From: Jack Repenning <jackr@dblues.engr.sgi.com>
>         In a November letter to committee members, the NSA
>         threatened to prevent the export of triple- DES, citing
>         existing US law and potential threats to national
>         security (see attached NSA letter).
> Oh, no, surely not.  There must be some misunderstanding here -
> they *promised* they wouldn't block export of non-Clipper
> things.  They wouldn't lie!

There's already some extra slack in the law and the official policy
for exporting encryption for use in banking; the NSA could get around it
by asking the banking regulators to impose some sort of Key Forfeiture nonsense,
which wouldn't lose much privacy since most banks are already
pretty cooperative about such things.

On the other hand, banks are rich enough to hire some off-shore programmer 
to write triple-DES implementations, given the current protocols,
as well as to lobby CONgress or the administration to keep the NSA in line.