From: dan ritter (dsr@servtech.com)
Date: Fri Jul 10 1998 - 07:32:12 CDT
When last we saw Dave Barr, he was lost in a tangle of
attributions:
>>On Thu, Jul 09, 1998 at 09:15:33AM -0400, Dave Barr wrote:
(I think this is Brad, actually)
>>We're talking about a requirement here. If you are writing a site
>>package, you need to understand both a private key cancel and a public
>>key cancel. If you are writing a client you have to know how to generate
>>both. And unless that rule is stuck to hard (which it won't be), then
>>everybody doing a cancel is going to have to generate *both* types of
>>authentication in their cancel. Especially if the private key system,
>>because it is simpler, shows up first, with people "getting around to" the
>>public key system.
(And this is Dave)
>I don't really see a big problem with that. If there are problems
>with a cancel lock system that a private key system would solve, then
>that would be an incentive for all concerned to support it.
>
>Won't there be serious export problems and other encryption law problems
>with a public key system? One advantage of cancel lock is that hashing
>algorithms don't have any legal hurdles to jump.

I've discussed this with several people. First off, individual countries
can do whatever they want legally, but it doesn't mean that any of us
who don't live there have to even think about their laws. Afghanistan
just outlawed television; that doesn't mean that the rest of the world
has to follow suit.

So, while I'm in the USA and can't export my RSA-in-Perl T-shirt, Simon
can produce one all by himself.

Secondly, we aren't writing code here, we're just writing standards :) So
they can come after me for exporting munitions^H^H^H^H^H^H^H^H^Hsource
code all they want, but in writing a standard, we're just advocating it.

Finally, in a casual discussion with John Curran (see the advantages of
working at BBN^H^H^HGTE Internetworking?) I asked what sort of resistance
he thought we would get from using strong crypto at a protocol level. He
said that the legislative process works like this:

First Congress hears from Louis Freeh and Janet Reno and Dorothy Denning,
and they get into a panic about terrorists using crypto to kidnap children
so that they can make pornography with animals and bombs. Then Curran and
Steve Kent and Diffie and Kapor and three hundred EFF members and the
entire FSF talk about cryptography being like an envelope and guaranteed
rights of privacy and stuff. Then Congress says that they understand. Just
before they vote, all the cypherpunks are shuffled out of the room, and
a few guys wearing suits and sunglasses go in. They talk for about an hour
without letting anyone record what they say, and then they walk out. Congress
turns around and demands that all routers capable of encryption have clear-
text access ports.

In other words, they hate it, but I really don't care. I'll start worrying
when they develop technology to pry my PGP passphrases from my brain.

-dsr-