1996-01-18 - Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry

Header Data

From: Mark Rogaski <wendigo@pobox.com>
To: fstuart@vetmed.auburn.edu (Frank Stuart)
Message Hash: 2c411c60dd3c4ceaeb1550d1329cd456767e726c41ef739e6785c734f04c382c
Message ID: <m0td0AT-000jSpC@gti.gti.net>
Reply To: <199601181652.KAA13172@snoopy.vetmed.auburn.edu>
UTC Datetime: 1996-01-18 20:57:19 UTC
Raw Date: Fri, 19 Jan 1996 04:57:19 +0800

Raw message

From: Mark Rogaski <wendigo@pobox.com>
Date: Fri, 19 Jan 1996 04:57:19 +0800
To: fstuart@vetmed.auburn.edu (Frank Stuart)
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
In-Reply-To: <199601181652.KAA13172@snoopy.vetmed.auburn.edu>
Message-ID: <m0td0AT-000jSpC@gti.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

- From the node of Frank Stuart:
: 
: >The new overseas version of Notes, tagged Release 4, will give
: >foreign users 64-bit security. But to get permission to export
: >the software, Lotus agreed to give the government access to 24
: >of those bits by using a special 24-bit key supplied by the
:                         ^
: Does anyone know if there really is just one 24-bit key for every copy of
: Lotus Notes or is this a miscommunication?  If there really is just one 24-bit
: key for everyone, can't you just look for the bits that don't change among
: different 64 bit keys?  (e.g. AND a "sufficiently large" number of 64-bit keys
: together to find the 1's that don't change and then OR them to find the 0's
: until you've got the 24 bit key).  Someone, please tell me that's not how it
: works (or post the 24-bit key  :>).
: 

That was the question that came to mind when I read the article, too.
How exactly are they planning on implementing this?  I admit my ignorance
concerning the working of Lotus Notes and how it handles keys.  Do they 
plan on escrowing a unique partial key for each licence? For each user?
Can users have multiple keys?  If so, how does this affect the key generation 
process.  

At first glance, unless the feds are gonna hand out keys via 
men-with-shiny-black-shoes-and-handcuffed-to-briefcases, the key
generation process is going to have to contact the feds and reveal the key.
Of course, I'm relatively new to this (gonna read Schneier real soon now ;) )
so I may be woefully off base, but this is my first reaction.

Is this partial escrow similar to saying, "We won't kill you, we'll just
amputate at the neck?"

- -----
Mark Rogaski           100,000 lemmings     rogaski@pobox.com 
aka Doc, wendigo        can't be wrong!     http://www.pobox.com/~rogaski/

VMS is as secure as a poodle encased in a block of lucite 
						... about as useful, too.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMP6hltT48ZIkMoEtAQGXoAf/WvtLJNlK7TobMfRKUMMwPP8C/kyaV7Kp
Jkz3kzoCYUCg0+5XovHdlukVb1Bt+McgJAIEg6TABEyE2R/Le1oDp2HFc6R/k5Lm
q25yiqi2UyXECnozH4mVO+nS2kTgEn74Y66wFYggIzp8mgIgRmFSIesyGYPIxWAd
+N/m5edR+fKEFQgOqg7dsOid9pmpPHEDJiTVLB3xwnS1GPiIUf03eHilCutsANmS
4lAlIdGftVCGfo3iNkTPkGj+iXpmPF8IFfM/4oeiIhzl9tqXv8ZkOnV7uHCn5k7N
puyE9bJ5pDnByEnHs2qIKRdi3+QADK9uq1meoPNEyllsK+uNdpeQwg==
=CZ8F
-----END PGP SIGNATURE-----





Thread