Re: Crippled Notes export encryption
At 20:32 01.17.1996 -0500, Perry E. Metzger wrote:
Alan Pugh writes:
infoMCI (sm) Lotus-Security - Lotus Announces Compromise for Export of Strong Encryption
So, Lotus thinks they can fool people by back-dooring in key escrow, eh?
Time to break out the artillery.
Perry
Careful... what would YOU have done, with your customers demanding stronger crypto today and you unable to legally give it to them? Again, folks, try to remember that this is NOT key escrow... international Notes customers are no worse off than before, and a darn sight better off against everyone besides Uncle Sam. Herb ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Herb Sutter (herbs@connobj.com) Connected Object Solutions 2228 Urwin - Suite 102 voice 416-618-0184 http://www.connobj.com/ Oakville ON Canada L6L 2T2 fax 905-847-6019
Herb Sutter writes:
So, Lotus thinks they can fool people by back-dooring in key escrow, eh?
Time to break out the artillery.
Careful... what would YOU have done, with your customers demanding stronger crypto today and you unable to legally give it to them?
Set up development shop overseas for the crypto plug-ins. The solution is obvious and easy. By the way, I really think Netscape should simply ship Jeff and other people to the Amsterdam office or wherever else seems reasonable and do all the crypto work from there. It will save trouble and hassle. U.S. citizens wanting full 128 bit over the net would then get it from Netscape's overseas download sites. No one anywhere in the world would be forced to use crap. Perry
By the way, I really think Netscape should simply ship Jeff and other people to the Amsterdam office or wherever else seems reasonable and do all the crypto work from there. It will save trouble and hassle. U.S. citizens wanting full 128 bit over the net would then get it from Netscape's overseas download sites. No one anywhere in the world would be forced to use crap.
I've wondered why they don't do this as well. For people around the world in general, it would be a very good thing. But what kind of an effect would it have on this country? What if they decide it's easier to fire Jeff and hire some Dutch guy instead? Would the government decide that the export ban was pointless and lift it? Or would they stand by as big chunks of our software industry are lost to foreign competitors? Remember this is the government we're talking about, the people who destroyed a villiage in order to save it. It seems to me that loss of jobs is inevitable if the rules aren't changed. But I'm not sure it's a good thing to accelerate the process. I'm not sure it's not, either -- both options are unpleasant. There's probably a big opportunity here for some enterprising cypherpunk who's willing to move to Amsterdam (or who lives there already). Set up a company that provides crypto guts and distribution services for American software companies. Stand alone computers are becoming less useful and less common all the time. Networking is a fact of life in the computer industry. If you're doing networking you have to think about security, and if you're serious about security you have to use crypto. A software industry that can't deploy crypto without hindrance is living on borrowed time. We in America are extremely vulnerable to flight. We will lose jobs and market share if we don't change our policies. Because other countries will deploy crypto, our polices will be completely ineffective in preserving the government's ability to do surveillance. What's the point? It would be very interesting to see what would happen if Netscape announced that it's considering moving its crypto operations overseas in a year if the export restrictions aren't lifted.
On Tue, 23 Jan 1996 10:39:03 -0500, perry@piermont.com wrote:
Set up development shop overseas for the crypto plug-ins.
The solution is obvious and easy.
By the way, I really think Netscape should simply ship Jeff and other people to the Amsterdam office or wherever else seems reasonable and do all the crypto work from there. It will save trouble and hassle. U.S. citizens wanting full 128 bit over the net would then get it from Netscape's overseas download sites. No one anywhere in the world would be forced to use crap.
Wrong, this would be a violation of ITAR. Dan Weinstein djw@vplus.com http://www.vplus.com/~djw PGP public key is available from my Home Page. All opinions expressed above are mine. "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche
Dan Weinstein writes:
By the way, I really think Netscape should simply ship Jeff and other people to the Amsterdam office...
Wrong, this would be a violation of ITAR.
I don't understand; are you saying Jeff's brain is a munition under the ITAR? (Is it a citizenship thing? If so, that's an easily solved problem: hire Dutch (or Egyptian or Bangali or whatever) engineers.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On Tue, 23 Jan 1996, Perry E. Metzger wrote:
By the way, I really think Netscape should simply ship Jeff and other people to the Amsterdam office or wherever else seems reasonable and do all the crypto work from there. It will save trouble and hassle. U.S. citizens wanting full 128 bit over the net would then get it from Netscape's overseas download sites. No one anywhere in the world would be forced to use crap.
<flog,flog,neigh,neigh> Sorry, to beat a dead horse, but isn't this like that thread re:Vince Cate's invitation for us to all move to Anguila? We'd still be exporting our thoughts in violation of the ITAR. As long as you're American (person or corporation) you'd still be commiting a crime by putting strong crypto on the net, regardless of where you are, right? (That's what I remember from Micheal Froomkin's arguments from the last time this revolving thread came around). Of course, if some OTHER company (wink,wink,nudge,nudge) that is not incoporated in the US were employ to export a secure version of Netscape from Amsterdam, that would be another story (and how would anyone know that the code, just so happenned to have been written Jeff, et al.?) Just as long as the portion of Netscape that nominally produces Netscape (the software) and distributes it does not call itself Netscape and is not a US corporate citizen, that is the end of the game, right? Anyone got any spare holding companies handy? </flog,flog. No neighs.>
Perry E. Metzger wrote:
Herb Sutter writes:
So, Lotus thinks they can fool people by back-dooring in key escrow, eh?
Time to break out the artillery.
Careful... what would YOU have done, with your customers demanding stronger crypto today and you unable to legally give it to them?
Set up development shop overseas for the crypto plug-ins.
The solution is obvious and easy.
By the way, I really think Netscape should simply ship Jeff and other people to the Amsterdam office or wherever else seems reasonable and do all the crypto work from there. It will save trouble and hassle. U.S. citizens wanting full 128 bit over the net would then get it from Netscape's overseas download sites. No one anywhere in the world would be forced to use crap.
I can see two practical ways to build a netscape product outside the US. The first is to export the source code for the Navigator with the crypto code removed. All of the calls to crypto would have to be removed as well. I've heard some people claim that the government could come after us on the grounds that we were taking part in a conspiracy to export strong crypto. The other way would be to export a binary with pluggable crypto, which is generally agreed to be regulated by the ITAR in the same way as software that actually contains crypto. I suspect that to get around the US government in this way we would have to develop the entire product outside of the US. That would be a very drastic move that is not likely to happen any time soon. We are going to invest some money and effort into trying to get the current restrictions lifted first. Of course there are some of us who are ready and willing to go if it comes to that... --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
Jeff Weinstein writes:
I can see two practical ways to build a netscape product outside the US. The first is to export the source code for the Navigator with the crypto code removed. All of the calls to crypto would have to be removed as well. I've heard some people claim that the government could come after us on the grounds that we were taking part in a conspiracy to export strong crypto.
Didn't Netscape already promise to remove the hooks? It seems to me all of the major software players are already in bed with the government.
Mike Tighe wrote:
Jeff Weinstein writes:
I can see two practical ways to build a netscape product outside the US. The first is to export the source code for the Navigator with the crypto code removed. All of the calls to crypto would have to be removed as well. I've heard some people claim that the government could come after us on the grounds that we were taking part in a conspiracy to export strong crypto.
Didn't Netscape already promise to remove the hooks? It seems to me all of the major software players are already in bed with the government.
What do you mean by "promise to remove the hooks"? --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
Jeff Weinstein writes:
Didn't Netscape already promise to remove the hooks? It seems to me all of the major software players are already in bed with the government.
What do you mean by "promise to remove the hooks"?
I mean they planned to have some type of crypto, but then after a visit from the USG, they removed that plan, and even withdrew the interface so that someone else couldn't "drop in" the crypto. The press release describing it was within the past 12 months or so. I will find it eventually.
Mike Tighe writes:
Jeff Weinstein writes:
Didn't Netscape already promise to remove the hooks? It seems to me all of the major software players are already in bed with the government.
What do you mean by "promise to remove the hooks"?
I mean they planned to have some type of crypto, but then after a visit from the USG, they removed that plan, and even withdrew the interface so that someone else couldn't "drop in" the crypto. The press release describing it was within the past 12 months or so. I will find it eventually.
I think you may be confused. I do recall a report that some NSA folks visited NCSA and recommended they remove crypto hooks from the NCSA httpd. Is this maybe what you're thinking of? -- Jeff
Jeff Barber writes:
Didn't Netscape already promise to remove the hooks? It seems to me all of the major software players are already in bed with the government.
I think you may be confused. I do recall a report that some NSA folks visited NCSA and recommended they remove crypto hooks from the NCSA httpd. Is this maybe what you're thinking of?
Yes, I guess that was it. Thanks for the correction. Anyway, moving to the actual point, it does seem most major software players are agreeing to the USG demands.
I can see two practical ways to build a netscape product outside the US. The first is to export the source code for the Navigator with the crypto code removed. All of the calls to crypto would have to be removed as well. I've heard some people claim that the government could come after us on the grounds that we were taking part in a conspiracy to export strong crypto.
If you properly apply for a license to export the source code (explainig that the source code licensee might add the features that he feels are appropriate), is it still a conspiracy?
Herb Sutter writes:
Careful... what would YOU have done, with your customers demanding stronger crypto today and you unable to legally give it to them?
Build it overseas where there are no restrictions and then import it. Just like almost every other component in a computer.
In article <3105FBFC.4DC9@netscape.com> Jeff Weinstein <jsw@netscape.com> writes:
The other way would be to export a binary with pluggable crypto, which is generally agreed to be regulated by the ITAR in the same way as software that actually contains crypto.
How did kerberos avoid this? The "bones" distribution of kerberos without crypto was not regulated by ITAR, right? David
"dm" == David Mazieres <dm@amsterdam.lcs.mit.edu> writes: dm> How did kerberos avoid this? The "bones" distribution of kerberos dm> without crypto was not regulated by ITAR, right? In the ``bones'' version not only was the encryption code eliminated (e.g., the functionality of libdes.a), but the hooks to call such code disappeared as well. michael
David Mazieres wrote:
In article <3105FBFC.4DC9@netscape.com> Jeff Weinstein <jsw@netscape.com> writes:
The other way would be to export a binary with pluggable crypto, which is generally agreed to be regulated by the ITAR in the same way as software that actually contains crypto.
How did kerberos avoid this? The "bones" distribution of kerberos without crypto was not regulated by ITAR, right?
As others have noted, they removed the calls to the crypto code. I don't think that the TLAs are concerned about people at foreign universities using kerberos. They are much more worried about mass market products. If we did the same thing as was done for kerberos, then exported the code to a foreign subsidiary, I believe that the government would try to make a case against us that we had participated in a conspiracy to circumvent the export restrictions. The government continues to use FUD to impose defacto restrictions on what we can do. When they decided not to prosecute PRZ they did not clarify and said that they may decide at any time to go after someone else. They continue to try to wiggle out of stating a clear, firm policy. I think that our current efforts should be geared towards pinning them down, then once we have specific restrictions we can attack them. The Phil Karn case is important because it will help to clarify the ITAR restrictions. Even Raph's RSA T-shirt CJR may help to clarify the restrictions into something that we can really fight. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
Ian Goldberg wrote:
OK; so what if I have code that says:
RNG_GenerateRandomBytes(buf, size); Hash(outbuf, buf, size); /* * It would be really nice if outbuf were RSA-encrypted * with (expon,modulus) at this point and the result placed in * outbuf2, but we have to do the following instead: */ for(i=0;i<hashsize;++i) outbuf2[i] = ~outbuf[i]; fwrite(outbuf2, hashsize, 1, fp);
Would the above code be export-restricted because it contained wishful thinking about how nice it would be to use encryption?
The problem is that the government refuses to publish the rules. They make people ask for approval for every piece of code that is exported. This gives them lots of wiggle room so that they can keep changing the rules in the face of technical, legal, or political innovation. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
In article <199601242330.SAA08632@toxicwaste.media.mit.edu>, Derek Atkins <warlord@MIT.EDU> wrote:
How did kerberos avoid this? The "bones" distribution of kerberos without crypto was not regulated by ITAR, right?
Kerberos didn't leave the crypto plugable. The bones distribution removed not only the crypto routines but also the calls to the crypto routines. It would be hard to call that "pluggable". It took a lot of work for someone down under to replace all those crypto calls!
OK; so what if I have code that says: RNG_GenerateRandomBytes(buf, size); Hash(outbuf, buf, size); /* * It would be really nice if outbuf were RSA-encrypted * with (expon,modulus) at this point and the result placed in * outbuf2, but we have to do the following instead: */ for(i=0;i<hashsize;++i) outbuf2[i] = ~outbuf[i]; fwrite(outbuf2, hashsize, 1, fp); Would the above code be export-restricted because it contained wishful thinking about how nice it would be to use encryption? - Ian "Maybe I should just go back to Canada..."
Would the above code be export-restricted because it contained wishful thinking about how nice it would be to use encryption?
IANAL, but my guess is that no, that code would not be exportable. At least not if there really is a domestic vs. export version. Yes, it gets really fuzzy here. I think if you started with this code and didn't have any hooks at all, and only had a version (domestic and export) which contained this wishful thinking, you might get away with it. Then again, if that were the case it would not be export controlled in the first place since it doesn't use encryption ;) Yes, it is a huge can of worms. Worse, since it is done on a case-by-case basis, there really is no clear definition of where the exportable vs. non-exportable line actually is. You need to try it to test if it will work or not. -derek
So does that mean that it is legal to ship PGP out of the US by shooting a diskette in a rocket??? It's launching the munition, no? Therefore by sentence (6) it should be allowed. ;) -derek
How did kerberos avoid this? The "bones" distribution of kerberos without crypto was not regulated by ITAR, right?
Kerberos didn't leave the crypto plugable. The bones distribution removed not only the crypto routines but also the calls to the crypto routines. It would be hard to call that "pluggable". It took a lot of work for someone down under to replace all those crypto calls! -derek
cc: Jeff Weinstein <jsw@netscape.com>, cypherpunks@toad.com Date: Wed, 24 Jan 1996 18:30:00 EST From: Derek Atkins <warlord@MIT.EDU>
How did kerberos avoid this? The "bones" distribution of kerberos without crypto was not regulated by ITAR, right?
Kerberos didn't leave the crypto plugable. The bones distribution removed not only the crypto routines but also the calls to the crypto routines. It would be hard to call that "pluggable". It took a lot of work for someone down under to replace all those crypto calls!
So where exactly do they draw the line? You can still construct your software in such a way that there is a clean boundary between the crypto stuff and the rest. For example, could you have an application with a function: authenticate_user (int file_descriptor) which in the exportable version sends a password, and in the domestic version constructs some sort of authenticator? Could you have an xdr-like function which on in an exportable version just does argument marshaling and in a domestic version also encrypts? How exactly are crypto-hooks defined? This restriction seems orders of magnitude more bogus than even the ban on exporting actual encryption. David
So where exactly do they draw the line? You can still construct your software in such a way that there is a clean boundary between the crypto stuff and the rest.
The line is drawn, AFAIK, at the actual crypto routines. You cannot export the crypto routines, and the functions that call the crypto routines.
For example, could you have an application with a function:
authenticate_user (int file_descriptor)
which in the exportable version sends a password, and in the domestic version constructs some sort of authenticator?
Yes. In fact, this is what Bones did.
Could you have an xdr-like function which on in an exportable version just does argument marshaling and in a domestic version also encrypts?
Yes. However the exported code cannot have the encryption hooks in the code.
How exactly are crypto-hooks defined? This restriction seems orders of magnitude more bogus than even the ban on exporting actual encryption.
Very vaguely. If I have a function that does something like this: authenticate (args) { ... des_encrypt (); ... } I would have to remove the des_encrypt() call from the authenticate() routine before it can be exported... -derek
On Wed, 24 Jan 1996, Derek Atkins wrote:
How exactly are crypto-hooks defined? This restriction seems orders of magnitude more bogus than even the ban on exporting actual encryption.
Very vaguely. If I have a function that does something like this:
authenticate (args) { ...
des_encrypt (); ... }
I would have to remove the des_encrypt() call from the authenticate() routine before it can be exported...
Would removing the call to des_encrypt() and replacing it with a comment violate the restriction? something like: authenticate (args) { ... /* squeamish ossifrage */ ... } -- |\/|ike Gurski mgursk1@gl.umbc.edu FidoNet: 1:261/1062 http://www.gl.umbc.edu/~mgursk1/ finger -l for PGP public key |Member, 1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570| Team My opinions are mine alone, even if you should be sharing them. | OS/2
participants (15)
-
Alex Strasheim -
David Mazieres -
Derek Atkins -
djw@vplus.com -
Herb Sutter -
iagoldbe@calum.csclub.uwaterloo.ca -
Jeff Barber -
Jeff Weinstein -
m5@dev.tivoli.com -
michael shiplett -
Mike Gurski -
Mike Tighe -
Perry E. Metzger -
s1018954@aix2.uottawa.ca -
Ulf_Moeller@public.uni-hamburg.de