Re: Clarifying controversial criteria

Donald E. Eastlake 3rd (dee@cybercash.com)
Fri, 15 Mar 1996 10:12:22 -0500 (EST)

I agree entirely with Brad here.  The store and forward nature of mail makes
it orders of magnitude harder to "negotiate" algorithms or other options
between the ends than it is in, say, IPSEC.  Without an entire new
infrastructure to convey capabilities, the defaults will always be used
outside of closed communities.  And what the Internet is all about is
non-pre-arranged interoperability everywhere. 

It is not particularly surprising that, as yet another commercial product
design and deployment effort, S/MIME mandates an insecure proprietary
symmetric encryption algorithm as its default.  S/MIME may become the de facto
standard but I believe the IETF policy of adopting secure open algorithms for
standards where possible is the right thing and that the policies of one or a
few countries should not be controlling. (Note that RSA is restricted only in
the USA and as of today all public key systems are restricted somewhere. 
Also, when DES was adopted into some current standard efforts by the IETF,
its weakness was much less clear.)  PGP would be better in this regard if 
it used triple DES instead of IDEA. 

I might agree that it is "unfair", in some sense, that exportable crypto
efforts in the US are crippled by the US Government, but any company that
wants to escape that need only move abroad.  I think SUN or Netscape or a few
companies like that re-incorporating in, say, Finland, and moving hundreds of
high paying jobs abroad would be great at making it clear to the US
Government the real effects of what they are doing.  Companies that decide to
remain in the US and develop crippled software like S/MIME should expect
those products to be downgraded in evaluations when compared with full
strength crypto software. 

Donald

On Thu, 14 Mar 1996, Brad Knowles wrote:

> Date: Thu, 14 Mar 1996 23:17:18 -0500
> From: Brad Knowles <brad@azathoth.ops.aol.com>
> To: Blake Ramsdell <BlakeR@deming.com>,
>     "resolving-security@imc.org " <resolving-security@imc.org>,
>     Raph Levien <raph@cs.berkeley.edu>
> Subject: Re: Clarifying controversial criteria
> 
> On Mar 14,  3:37am, Blake Ramsdell wrote:
> 
> > That's kind of like saying "since Word can save text files which don't
> > retain any of the formatting, then I can't exchange documents that retain
> > the formatting with other people that use Word", which is, of course,
> > incorrect.  You simply select Word format as your output format.  Likewise,
> > you simply pick the algorithm type that matches your recipient, and if that
> > recipient can't take more than 40-bit encryption, then that's it.
> 
>     But if Word 5.1 can create text files, as can Word 4.3 for the
> Mac, and Word 6.0, and they don't have any level of interoperability
> more than that, guess what -- people that need to send Word files to
> each other will end up sending a lot of text files.  You really,
> really, want a minimum level of interoperability that is considerably
> higher than just plain text files.
> 
>     From an implementation perspective, it is very important to know
> what the minimum level of interoperability is required by the
> standard.  And in many cases, you'll find that no one ever goes beyond
> that minimum required, which is why I think it's very important to set
> that bar as high as we can, within certain restrictions.
> 
> ...
>
>     Whatever standard we propose will have to deal with the fact that
> it is available and further development will continue on it, and if we
> can't come up with something that is capable of being as secure as PGP
> is, then we're going to have a hard time convincing people to use our
> standard.  And to be successful, we have to make people *want* to use
> our standard.
> 
> 
>     I could make the analogy to CDMA vs. TDMA encoding for digital
> cellular phones.  When only one is available, then no one has a
> choice.  When one is already available and you want to introduce the
> other, you have to have a pretty convincing argument to make people
> want to use yours instead.
> 
> 
>     Well, PGP is currently available and has strong crypto.  We're
> going to have to come up with some pretty convincing arguments to use
> whatever we come up with over PGP, and just being exportable and easy
> to use won't cut it -- we also have to be at least as strong,
> cryptographically speaking.
> 
>     Otherwise, we just won't convince people to switch.  Otherwise,
> you won't convince me to switch.  And you're going to have a hard time
> getting everyone to follow suit if you can't get some consensus out of
> the people setting the standards.
> 
> -- 
> Brad Knowles                           MIME/PGP: BKnowles@aol.net
>     Mail Systems Administrator        <http://www.his.com/~brad/>
>     for America Online, Inc.                   Ph: (703) 453-4148
> 
> 	PGP keys available from pgp-public-keys@pgp.ai.mit.edu
> 

=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html