I think we can all agree that the level of confidence in software-only approaches to security is clearly lower than combination software plus hardware approaches. It is clear that what is available over the Internet is software. (It is much harder to distribute "hardware" as you can only really distribute design information. The closest analogy could be a FPGA program, a Verilog description or some other ASIC net list.) How about the following as an approach to resolving the dispute over encryption exports: 1. Allow arbitrary exports of software-only encryption. This means that PGP is exportable as is DES crypt libraries. 2. Restrict exports of hardware-only or hardware/software encryption. This means that smart cards, HP's crypto policy cards, crypto processors with tamper-resistant casing, etc ... are restricted. Why does this make sense? 1. Reality check on export control of software: Software is just too transportable to be restricted, no matter WHAT the software does. Any restriction on WHERE software may be or may go is just not feasible, and it's not going to get any easier in the foreseeable future. 2. Take John Deutch at his word: Deutch has claimed that "serious users of cryptography" would not trust software downloaded over the Internet. We clearly do not agree with him on this aspect, but if he truly believes it (and is not just making PR spin statements for the NSA), then he must believe that allowing software exports will not significantly increase the user base (and therefore, harm CIA's or NSA's intelligence capabilities), but it will shut up the software companies' complaints. 3. Give the NSA what it wants: Software tends to standardize. Encryption is only a small part of the chain of security measures. Other weaknesses are surely part of the NSA's target for intercepts (no self-respecting codebreaking agency should stick to exploiting only one class of failures; if it is, we should question the value we are getting out of the billions of dollars we blindly give to the NSA). If the NSA stops whining about what is too hard to break, then protocol weakness and other non-encryption problems could easily creep into standards, and the NSA would surely have an analytical advantage over anyone else. Since the NSA is happily bragging that it does not even need to crack the code to break in, it should be able to live with hardware-only export restriction. The fact that the NSA is no longer drawing any lines anywhere for software will leave the bad guys guessing as to what it can really decode. In addition, hardware manufacturers will probably have a tougher overturning export restrictions on hardware-enhanced solutions after that because software companies will probably not care. It is clear that the NSA only trusts hardware implementations, as it required Clipper to be manufactured in tamper-resistant cases. All constructive replies welcome. Ern