1995-08-20 - Re: Another SSL breakage…

Header Data

From: Brian Davis <bdavis@thepoint.net>
To: aba@atlas.ex.ac.uk
Message Hash: cd0b690c7b931ab30061f0732321607001e4a8629f64082b38199719c8e7a03e
Message ID: <Pine.D-G.3.91.950820165648.14336E-100000@dg.thepoint.net>
Reply To: <7849.9508171510@exe.dcs.exeter.ac.uk>
UTC Datetime: 1995-08-20 21:10:51 UTC
Raw Date: Sun, 20 Aug 95 14:10:51 PDT

Raw message

From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 20 Aug 95 14:10:51 PDT
To: aba@atlas.ex.ac.uk
Subject: Re: Another SSL breakage...
In-Reply-To: <7849.9508171510@exe.dcs.exeter.ac.uk>
Message-ID: <Pine.D-G.3.91.950820165648.14336E-100000@dg.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 17 Aug 1995 aba@dcs.exeter.ac.uk wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> All hell seems to have broken loose whilst I was lazing on the beach
> yesterday.  SSL breakings, big name newspaper newsreports (of varying
> degrees of accuracy), and much ITAR bashing (yay!) or perhaps that
> should be nooooh! 'cos I might be doing myself out of work as a UK
> crypto hacker (as John Hemming said in the article Robert Hettinga
> forwarded) if we lose the fun advantage of being in the free world,
> and not having to follow the ITAR nonsense.
> 
> Anyway, congratulations Damien!

I add my congratulations to everyone else's.  But, as the list rejoices 
that this means the "end of ITAR" or, more accurately put, the "end of 
encryption programs as 'munitions'", I've got to play the devil's advocate.
Many of you, of course, see me as the Devil's Advocate.  

Anyway, certain arms of the government want to prevent strong crypto from 
being exported so that they can easily decode encrypted messages from 
abroad (at least those using US-developed software).  Damien's impressive 
feat is that exportation of weak crypto indeed makes that possible.  Some 
posters have discussed the time and difficulty in decoding strong crypto 
... I think all agree that it would take significantly longer (or much 
more computer time) but is not impossible.

So ... has this proven that the banning of strong crypto is the correct 
way to go, and that, at least to some, credit card transactions using 
weak crypto will be acceptable to most (given the ease of getting CC#s 
other ways)?

Donning my asbestos suit,
And speaking only for myself ...

EBD




