On 19 Mar 96 at 19:10, Bill Stewart wrote:
Sure, they'll be happy to, if we really want. The NSA will advise them on what's good crypto, and what's snake-oil. Certainly any system that didn't provide for back-up key access doesn't rate......
No, I didn't think you wanted that either....
Maybe the NSA will advise them, maybe not... since there is a conflict of interest (not unusual in regulatory circumstances, though). Then again, it would be awkward if the NSA hypothetically said product A is crap and product B is secure but non-NSA people said differently, esp. if the NSA wouldn't let product A be exported. They're a governmental organization, with all the flaws of any organization/bureaucracy, let alone the government. So yes, I've pondered them asking the NSA for advice... but keep in mind it puts the NSA in a double-bind, because they aren't the only experts, and because they'll look bad if they contradict themselves. They (FTC) might go by something different, though. If a company claims their product uses an "unbreakable cipher" when there are cracking programs (commercial or free) available, then obviously its false advertising. Indeed anything that advertises itself as "unbreakable" is a lie. There's also other consumer groups that are non-governmental, like Consumer Reports, PIRGs, and even various state and county consumer advoctates who won't tow the federal line (look at bovine growth hormone for one example... hm, maybe a bad parallel.) Part of it is a public learning curve. After a while more people (though not enough to eliminate snake oil's market) will recognize "PGP", "RSA", 'IDEA", "3DES" and other strong algorithms. (Ascom Tech could do themselves a nice turn by pushing for products with "IDEA Inside" type of messages...) Rob. --- Send a blank message with the subject "send pgp-key" (not in quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.