From: Carl Ellison <cme@cybercash.com>
Date: Thu, 25 Sep 1997 01:51:47 +0800
To: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Subject: Re: Emphasizing a point by Donald Eastlake re key recovery
Message-ID: <3.0.3.32.19970924101545.032be240@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

At 09:34 AM 9/23/97 +0100, Ross Anderson wrote:
>There is also the point that the vast majority of encryption keys are
>actually used for authentication rather than confidentiality. The keys
>that encrypt your bank card PIN en route from the ATM to the bank, the
>keys in your satellite TV decoder, the keys in your gas meter and your
>postal meter - in fact the majority of all DES keys in use - are about
>authentication. In theory most of them could be replaced by digital 
>signature mechanisms but given the size of the installed base, it 
>won't happen anytime soon.

For what it's worth, I once got an opinion from NSA's export control office 
that I could use any kind of crypto I wanted (e.g., even triple-DES) if all 
I'm doing is protecting a channel carrying a password (like the PIN), 
because that's an authentication function and therefore to be encouraged.  I 
didn't get this in writing, however, so I'd have to go for it again.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNCkgkFQXJENzYr45AQF9EAP+Lx54AGJVvr9nOgGEaFYgMyTYFsalnPV9
3ZhqCIc6DDbjGBPf7r20SYUwz+3mhLeGLjlHleltXoT/coAChL/vSnqL0Q9/gpRI
w11Sg32vFi/6Fr8fNWgEcMtmuIIZS/QSRt3hj8p0cc6UN2bjWevD97/brWhVjWYl
hNdlUrgPpHw=
=l1tu
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+