1998-05-13 - Re: Chaffing and winnowing

Header Data

From: “Mark Rosen” <mrosen@peganet.com>
To: “Stephen Zander” <gibreel@pobox.com>
Message Hash: 48bac57ee90a3b0cd015608c71cadf1632b273945f23e90545d1c27fb20fc96f
Message ID: <01bd7ebe$f2941940$014ce9c7@markdsk.peganet.com>
Reply To: N/A
UTC Datetime: 1998-05-13 22:46:22 UTC
Raw Date: Wed, 13 May 1998 15:46:22 -0700 (PDT)

Raw message

From: "Mark Rosen" <mrosen@peganet.com>
Date: Wed, 13 May 1998 15:46:22 -0700 (PDT)
To: "Stephen Zander" <gibreel@pobox.com>
Subject: Re: Chaffing and winnowing
Message-ID: <01bd7ebe$f2941940$014ce9c7@markdsk.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain

>    Mark> ...  g. Data authentication equipment that calculates a
>    Mark> Message Authentication Code (MAC) or similar result to
>    Mark> ensure no alteration of text has taken place, or to
>    Mark> authenticate users, but does not allow for encryption of
>    Mark> data, text or other media other than that needed for the
>    Mark> authentication;
>But wasn't that the gist of Rivest's paper: he's not encrypting the
>message, he's just obscuring it really, really well.
>All this needs someone with the cash & the time to push it to court...
    Actually, the first parts I quoted applied to chaffing and winnowing

a. Designed or modified to use ``cryptography'' employing digital techniques
to ensure ``information security'';
b. Designed or modified to perform cryptanalytic functions;
c. Designed or modified to use ``cryptography'' employing analog techniques
to ensure ``information security'';

    Part a. basically prevents any sort of "encryption" technique, whether
that technique uses a normal encryption algorithm, a hash function, or
quantum cryptography -- anything that can be used for "information security"
    I think that the NSA knew about chaffing and winnowing, and they talked
with the people who wrote the EAR and helped them make the legislation cover
chaffing and winnowing.
    Please know that I, in no way, like the EAR; it just seems that
everyone's hopes that chaffing and winnowing gets around the export controls
are invalid. The EAR doesn't care *how* you do the encryption, it only cares
that some sort of "encryption" was performed.
    Are there any legal-types out there that can give a more definitive

- Mark Rosen