1995-11-13 - Re: Market Value of Web Pages

Header Data

From: Mark <mark@lochard.com.au>
To: tcmay@got.net (Timothy C. May)
Message Hash: a117ab2d65566efda0143315bbd7b1280414baa18a58e377d71cf1de48f903e1
Message ID: <199511130035.AA32505@junkers.lochard.com.au>
Reply To: <acc7f59c06021004e10b@[205.199.118.202]>
UTC Datetime: 1995-11-13 12:09:40 UTC
Raw Date: Mon, 13 Nov 1995 20:09:40 +0800

Raw message

From: Mark <mark@lochard.com.au>
Date: Mon, 13 Nov 1995 20:09:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Market Value of Web Pages
In-Reply-To: <acc7f59c06021004e10b@[205.199.118.202]>
Message-ID: <199511130035.AA32505@junkers.lochard.com.au>
MIME-Version: 1.0
Content-Type: text


>>If you toss arguments like this at some of the sites that would be viable for
>>the hit numbers and then explain the only way that will occur is if the crypto
>>laws are repealed, you will create a lot more lobbiers annoying their reps
>>for the cause. ecash without good crypto is like the Federal Reserve
>>delivering cash with open pickup trucks. Or doing credit card purchases on
>>postcards.
>
>And if you make arguments that this is easy to do, and add that crypto laws
>are stopping this from happening, you risk losing your credibility.
>
>The current crypto export laws are a pain, but are not stopping these
>"million hits a day" transactions. Recall that the 40 bits allowed in
>Netscape for export took some non-trivial number of machine-hours to crack
>(I'm talking about the brute force crack by Damien G. and others, not the
>more recent exploitation of the RNG weakness). While this brute force crack
>showed the limitations of the 40-bit key for certain transactions, it is
>not a viable attack on a single transaction whose value is pennies.

My point was (and I failed to mention it :) that to protect against stolen
funds you need to encrypt the transactions using strong crypto. Amongst US
jurisdictions this is possible so long as you license the technologies... so
be it. The Achilles heel for global secure business from the US is the ITAR
limitations. This weakens the crypto to levels that are breachable by quite
a lot of people. As machines get faster and the ITAR laws keep the MTTB
(Mean Time To Break) down it will become more and more efficient to collect
and exploit electronic cash or credit cards.

In other words, if you want to run a trusted global electronic cash based
business then you need strong crypto otherwise someone will break your
transfers and therefore reputation and no one will want to do business with
you over the inet. At the very least it will cost you PR $ to curb any
damage done. Just ask Netscape.

You can live fine with the 250 million people in the US buying your product,
but with 5 billion potential users out there globally, (with various degrees
of connectivity), it makes sense to enable them to buy from you too.

Off topic:
Personally I don't see the relevance of ITAR and crypto any more. When was the
last time anyone was prosecuted under its statutes? What is the point of
banning exportation of software which is widely available outside the US
anyway? It's idiocy. Any foreign power or cartel wanting secure comms is not
going to balk at using any method that can, irrespective of its legality
in the eyes of the US. With their resources they can construct secure OTP
systems by sending in people with a couple of "music CDs" in their briefcase.

Mark
mark@lochard.com.au




