At 11:25 AM 7/28/96 -0700, you wrote:
At 7:24 PM 7/27/96, Erle Greer wrote:
Theoretically, the government should only be have the resources to control commercially-available, public encryption systems. Who is to stop
While I'm not exactly sure what you mean by a "commercially-available, public encryption system," I think your point is incorrect.
I didn't mean that I think that the govt should be allowed to control. I meant that govt would only be able to regulate commercial and/or public systems. They, of course, would have no say in the specs of my personally-written cryptosystem.
(My confusion is that a commercially-available system is not necessarily a "public" system, if by public one means public domain. If one means "published specifications," still not the case. Confusing.)
Sorry about the confusion. Although I may have used the two terms loosely, I was trying to contrast commercial and public against something written in secret and not offered for govt approval.
Howver, the government cannot step in and "control" a commercially-available product, by even the most liberal interpretations of the commerce clause. "Tim's Pretty Flaky Snakeoil System," for example. I can announce it, sell it, and the government is powerless to "control" it. (Even if it were "public.")
If by "public" you mean an NBS or NIST standard, like DES, then I suppose the government can in some sense "control" it. (Even this is iffy, IMO, as I know of no rules saying DES implementations must be approved by NIST or anyone else.)
anyone from designing their own cryptosystem for personal use? If the government intercepted a transmission from this private cryptosystem, and could not decrypt it, would they assume that it must be considered munitions? Similarly, anyone could send uniformly-formatted random garble that could also be considered munitions, or at least waste the governments processing time.
Most of the cryptosystems are not under the "control" of the government, even by the standards of your first definition. Period. RSA is not a government-controlled system, though it is both "commercially-available" AND "public" (in that the spec and algorithm are clearly published).
And the talk about "personal use" is misleading, IMO. It suggests that government can and should regulate use for "business purposes" but not personal uses. I disagree with this distinction.
Absolutely not! Let me clarify that I feel that the govt should have no part in crypto regulation, be it commercial, public, private, business, etc.
Why are we so worried about government regulation? Can't we just devise our own cryptosystems and just don't sell them or make them publicly available?
You mean the way public key systems in general and RSA in particular were invented and devised by non-government folks?
After some responses and some thought, I have seen the error in my thinking. Having a secret, proprietary cryptosystem would loose the public-key benefit. It would be fine, I believe, for point-to-point communications though.