From: jim bell <jimbell@pacifier.com>
To: Adam Shostack <tcmay@got.net (Timothy C. May)
Message Hash: 74c37623e370e4c6633248dd2397927c9fd90da9726c5ede44d759281d8faf5f
Message ID: <m0u1hAh-00090wC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-03-27 23:12:04 UTC
Raw Date: Thu, 28 Mar 1996 07:12:04 +0800
From: jim bell <jimbell@pacifier.com>
Date: Thu, 28 Mar 1996 07:12:04 +0800
To: Adam Shostack <tcmay@got.net (Timothy C. May)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u1hAh-00090wC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:11 AM 3/26/96 -0500, Adam Shostack wrote:
>Timothy C. May wrote:
>
>| My point is that I see no compelling legislation that is needed. If enough
>| people in Washington really want increased length in _exported products_
>| (remember the "exported" part), the Congress and the President should find
>| it easy enough to get said products on to the Approved List. (I note that
>| the Leahy Bill really doesn't change this system anyway...some products go
>| on the list, some don't...the law only seems to say that when the horse has
>| already left the barn, i.e., when "comparable" products are already in
>| fairly wide use outside the U.S., then the products should be put on the
>| approved list. Big deal.
> I'm forced to disagree on this point. I think that the
>comparable product has the potential to be a very big deal; it means
>that any product using IDEA or 3DES may become exportable, because
>such products are available outside the US.
>
> It may be that wide use will be quibbled over, but DES, weak
>as it is, is widely used outside the US, and IDEA and 3DES will be.
>Thats why this legistlation will fail to pass.
I think Tim already pointed out that the danger in this kind of conditional
approval is that it would be used to restrict export of new _usages_ for
cryptography based on their "political correctness" quotient, rather than
simply on the basis of level of security (length of codes.) In other
words, just because a program used 3DES or IDEA would not automatically make
it exportable. This may sound pessimistic, but unfortunately pessimistic
turns into "accurate" far too often.
Far more acceptable (and useful to us) would be a rule which would mandate
the government's allowing the export of any program that had, say, the key
security provided by IDEA or less, regardless of what it did with that
encryption. (Not that I want _any_ restrictions; it's just that such a
limit would make it impractically large to attempt to crack.)
Jim Bell
jimbell@pacifier.com
Return to March 1996
Return to “jim bell <jimbell@pacifier.com>”
1996-03-27 (Thu, 28 Mar 1996 07:12:04 +0800) - Re: So, what crypto legislation (if any) is necessary? - jim bell <jimbell@pacifier.com>