From: frantz@netcom.com (Bill Frantz)
To: cypherpunks@toad.com
Message Hash: 133735e371b34cef5bf911d7daa8a7b444b2d9482ddba9eaea796e32918e1a2c
Message ID: <199607020623.XAA19680@netcom7.netcom.com>
Reply To: N/A
UTC Datetime: 1996-07-02 09:55:46 UTC
Raw Date: Tue, 2 Jul 1996 17:55:46 +0800
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 2 Jul 1996 17:55:46 +0800
To: cypherpunks@toad.com
Subject: SAFE Forum
Message-ID: <199607020623.XAA19680@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
Rather than a complete report (which will cover a lot of material people
here already know), I will just give you my highlights from the forum.
None of the people on the first panel have been asked to testify before
either intelligence committee. (Panel was: Lori Fena, EFF; Craig Mundie,
Microsoft; Eric Schmidt, Sun; and a substitute for Marc Andreessen from
Netscape).
Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie]
These systems can best be described as key-rental systems.
"Crime prevention ought to be part of the FBI's mission. [Herbert Lin,
National Research Council]
Jim Omura [Cylink] spoke of specific business his company has lost to
foreign competitors due to export licensing problems. He spoke of
protecting US corporate links between China and the US.
CompuServe losses are mostly overseas (in e.g. the former USSR) due to
insecure communications and Telephone companies. [Tom Oren, CompuServe]
PGP Inc bought ViaCrypt on Friday. [Phil Zimmermann, PGP Inc.] (Scooped by
Ian Goldberg)
Congresswoman Eshoo appeared not to have heard about PGP being used by
human rights groups in e.g. Bosnia to protect their files.
National Research Council report available from: www2.nas.edu/cstbweb
A compromise on key length won't satisfy either side because those using
encryption to protect their data want every single message to be secure
(implying long keys and brute force times), while those monitoring
communications need to quickly decide whether a message is interesting
(implying short decrypt times). [Whit Diffie, Sun]
We sell RC4, 40 bit decryption hardware (based on AMD29000) for $16K. FPGA
devices for breaking DES in 7 days for $1M. [Eric Thompson, Access Data]
NSA's problem is not crypto, but the explosive growth in the number of
protocols. NSA needs to get out of the business of being a reputation
agent for crypto (thru ITAR approval) and allow weak crypto to naturally
appear in the market. [Ken Bass, Venabel, Baetjer, Howard and Civiletti]
In the 1970s 50% of the wiretaps were of value, now only 17% are. [Barry
Steinhardt, ACLU]
The introduction of "Dorothy" as the canonical Key Escrow (GAK) holder.
(To great hoots of laughter.) [I think this was Tom Parenty, Sybase, but I
could be wrong.]
When analyzing the crypto requirements of bad guys (e.g. terrorists) and
good guys (e.g. digital commerce users), the bad guys are small, tight knit
communities where the current, widely available, crypto systems work well.
The good guys are not tight knit and need infrastructure we don't have,
such as widely available software and certification. [Very broadly taken
from Whit Diffie]
-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA
Return to July 1996
Return to “Rich Graves <llurch@networking.stanford.edu>”