From: Lucky Green <shamrock@netcom.com>
To: Greg Broiles <gbroiles@netbox.com>
Message Hash: abf3175d7a13e568d85880868b8631c954459dec3e2f96d2a0e2990d9e2cd52f
Message ID: <Pine.3.89.9611181320.A22847-0100000@netcom14>
Reply To: <3.0b28.32.19961118103631.006b5260@ricochet.net>
UTC Datetime: 1996-11-18 21:41:03 UTC
Raw Date: Mon, 18 Nov 1996 13:41:03 -0800 (PST)
Subject: Re: HP announcement
Greg wrote:
> Sounds to me like they want to be able to turn off strong crypto the way
> they can turn off high-detail GPS during politically/militarily sensitive
> events.

That's my analysis as well. That, and we will see crypto strength based on
the application. Credit card numbers get 3DES, email gets 40bit RC4.

[...]

> Users
> can decide whether to use key recovery, based on personal needs or domestic
> -- or foreign -- government regulations.

The decision which type of crypto to use is not solely up to the
user. If it was, a non-US user could just decide to turn on strong
crypto. The Policy Token must therefore contain a field indicating GAK is
"optional" or mandatory.

What does this mean? Policy tickets are served from central Policy
Servers. Foreigners only get servers that will turn GAK on by default. US
users get servers, run by an unspecified agency, that will initially send
tickets with a "GAK optional" value. This value can be changed to "GAK
mandatory" in times of national emergencies, suspected terrorist
activities, suspicious behavior, you know the drill.

Flip a central switch, and all crypto goes from "non-GAK" to "GAK". Which of
course makes it GAK from the outset.

--Lucky