From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Sun, 28 Jul 1996 14:34:52 +0800
To: cypherpunks@toad.com
Subject: Re: Public vs. Private Munitions
Message-ID: <2.2.32.19960728043610.00693fa8@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 AM 7/28/96 -0700, you wrote:
>At 7:24 PM 7/27/96, Erle Greer wrote:
>
>>     Theoretically, the government should only be have the resources to
>>control commercially-available, public encryption systems.  Who is to stop
>
>While I'm not exactly sure what you mean by a "commercially-available,
>public encryption system," I think your point is incorrect.

I didn't mean that I think that the govt should be allowed to control.  I
meant that govt would only be able to regulate commercial and/or public
systems.  They, of course, would have no say in the specs of my
personally-written cryptosystem.

>(My confusion is that a commercially-available system is not necessarily a
>"public" system, if by public one means public domain. If one means
>"published specifications," still not the case. Confusing.)

Sorry about the confusion.  Although I may have used the two terms loosely,
I was trying to contrast commercial and public against something written in
secret and not offered for govt approval.

>Howver, the government cannot step in and "control" a
>commercially-available product, by even the most liberal interpretations of
>the commerce clause. "Tim's Pretty Flaky Snakeoil System," for example. I
>can announce it, sell it, and the government is powerless to "control" it.
>(Even if it were "public.")
>
>If by "public" you mean an NBS or NIST standard, like DES, then I suppose
>the government can in some sense "control" it. (Even this is iffy, IMO, as
>I know of no rules saying DES implementations must be approved by NIST or
>anyone else.)
>
>>anyone from designing their own cryptosystem for personal use?  If the
>>government intercepted a transmission from this private cryptosystem, and
>>could not decrypt it, would they assume that it must be considered
>>munitions?  Similarly, anyone could send uniformly-formatted random garble
>>that could also be considered munitions, or at least waste the governments
>>processing time.
>
>Most of the cryptosystems are not under the "control" of the government,
>even by the standards of your first definition. Period. RSA is not a
>government-controlled system, though it is both "commercially-available"
>AND "public" (in that the spec and algorithm are clearly published).
>
>And the talk about "personal use" is misleading, IMO. It suggests that
>government can and should regulate use for "business purposes" but not
>personal uses. I disagree with this distinction.

Absolutely not!  Let me clarify that I feel that the govt should have no
part in crypto regulation, be it commercial, public, private, business, etc.

>>     Why are we so worried about government regulation?  Can't we just
>>devise our own cryptosystems and just don't sell them or make them publicly
>>available?
>
>You mean the way public key systems in general and  RSA in particular were
>invented and devised by non-government folks?

After some responses and some thought, I have seen the error in my thinking.
Having a secret, proprietary cryptosystem would loose the public-key benefit.
It would be fine, I believe, for point-to-point communications though.