From: djw@vplus.com (Dan Weinstein)
To: Herb Sutter <herbs@connobj.com>
Message Hash: 0af0f8f8739fafe4de85ef34d02d92569458578fad2fd6bc9fd026231d345a72
Message ID: <31058de2.3338398@mail.vplus.com>
Reply To: <2.2.32.19960123140645.006ce49c@mail.interlog.com>
UTC Datetime: 1996-01-24 13:41:40 UTC
Raw Date: Wed, 24 Jan 1996 21:41:40 +0800
From: djw@vplus.com (Dan Weinstein)
Date: Wed, 24 Jan 1996 21:41:40 +0800
To: Herb Sutter <herbs@connobj.com>
Subject: Re: Blacknet & Lotus Notes
In-Reply-To: <2.2.32.19960123140645.006ce49c@mail.interlog.com>
Message-ID: <31058de2.3338398@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 23 Jan 1996 09:06:45 -0500, Herb Sutter <herbs@connobj.com>
wrote:
<quoted material deleted>
>I think people are missing the point... even if we assume the absolute worst
>case, that the private key is broken and becomes publicly available,
>international Notes users are no worse off than before.
True, but they aren't any better off either. 40-bits is not secure,
neither is 64-bits.
>That said, it shouldn't happen soon. One of the things Ray said in his
>announcement was that the government agreed to both generate and then guard
>this key with the same diligence with which they guard their most important
>secrets (he specifically mentioned nuclear missile controls). While it
>makes for a nice sound bite, I'm comfortable that there's probably also a
>lot of truth to it.
That just means that it will be classified Top Secret and only those
with a "need to know" will have access. The government can set the
need to know at any level they want. Even if they truly try to
restrict access to their key, this does not even imply that they will
not allow it to be freely used. If I want a message read and am not
cleared for access to the key, I just send it to someone that does. I
have seen nothing from the government saying that they agree to only
use it if they have a warrant or even any reason to believe that the
message contains data that is important to national interests. They
are free to decode messages and give the information they obtain to a
competing company. IBM made the deal to help provide an illusion of
greater security, at least before the insecurity of 40 bits was well
known. They are actually doing a diservice to their customers by
trying to make them believe that their communitcations are actually
secure using just Notes. Does the packaging indicate that the U.S.
government has access to more than a third of the key?
Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.
"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.
Friedrich Nietzsche
Return to January 1996
Return to “Herb Sutter <herbs@connobj.com>”