From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 24 Jan 1996 01:24:45 +0800
To: herbs@connobj.com (Herb Sutter)
Subject: Re: Blacknet & Lotus Notes
In-Reply-To: <2.2.32.19960123140645.006ce49c@mail.interlog.com>
Message-ID: <199601231607.KAA01940@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> I think people are missing the point... even if we assume the absolute worst
> case, that the private key is broken and becomes publicly available,
> international Notes users are no worse off than before.

This sentiment is why this is such a clever move on the part of the 
government.

There are a number of problems with the Lotus plan.

First of all, 40 bits isn't secure.  That's what international users have,
not 64 bits, and it's just not good enough.  International Notes 
customers know it, we know it, Lotus knows it, and the government knows 
it.

Second of all, any restriction on algorithms and key lengths is
unacceptable.  People and businesses have the right to protect their
privacy.  American software companies have to be able to deliver privacy
if they want to remain competitive in the global market.  It's essential 
that the government acknowledge these facts.

Finally, this agreement sets a very dangerous precdent.  The government is
holding keys and compelling people to "trust" them.  This is real, live 
gak.  You're right -- in a sense no one's any worse off than they would 
be with 40 bit keys.  But in another sense, there's a slippery slope 
problem here.  Gak is absolutely unacceptable in any way, shape, or 
form.  It's completely beyond the scope of what the government ought to 
be doing.  If we sit by idly while they set up the comparatively 
toothless gak, it will make things that much easier for them when more 
ambitious gaks come down the pike.

We need to do whatever we can to convince international customers that 
Notes isn't secure.  And we need to make Lotus understand why this deal 
isn't in anyone's interest.