
--- begin forwarded text

From: "Phillip Hallam-Baker" <hallam@ai.mit.edu>
To: "Robert Hettinga" <rah@shipwright.com>, <dcsb@ai.mit.edu>
Subject: RE: Wassenaar Statement
Date: Fri, 4 Dec 1998 18:02:40 -0500

We have seen this type of press release before. Uncle Sam goes off to a conference and returns to state that the rest of the world has committed to its position - only to find out later that the rest of the world did not.

Anyone remember the time the crypto Tzar went off to the European Association (a non-binding talking shop) and got a similar 'undertaking'?

It is more likely that the Wassenaar statement reflects what went on at the meeting. But even then most countries in Europe have a democratic process in which decisions are made by elected representatives and not by bureaucrats at closed treaty negotiations.

Just as the munitions acts under which the ITAR crypto regulations are purported to be made clearly do not provide the executive with the powers claimed, neither do most of the European enabling acts for COCOM.

Nor in a parliamentary system is it quite so easy for the executive to perform Zimmermann-type persecutions. If the same tactics had been used in the UK the Home Secretary would have faced political consequences for the failure of the prosecution.

The Matrix Churchill affair played a significant part in the collapse of the Major government in the UK. I doubt Straw would be keen on a repeat.

The UK DTI proposals requiring GAK as a condition of CA licensing may appear to meet the Freeh objectives, but since there is no proposal to make licensing a requirement of doing business, the result is most likely to be that nobody becomes a 'licensed CA'.

There is a legitimate business need for key recovery, but nobody offering those services is going to want access to the customer's private keys. Doing so would be akin to keeping triffids as pets. It is not necessary to keep actual private keys to achieve the objective of controlling access to the private keys.

Phill

--- end forwarded text

-----------------
Robert A. Hettinga <mailto:rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'