HP has info on its new crypto stuff on the web now: <http://www.hp.com/go/security> and <http://www.hp.com/go/icf>. It's apparently a crypto coprocessor embedded in a board or chip which looks for a "policy token" (which is software/data, delivered via network or smartcard) which is doled out by local "policy servers", "developed and managed in conformance with national policy". Sounds to me like they want to be able to turn off strong crypto the way they can turn off high-detail GPS during politically/militarily sensitive events. As the press release notes, "ICF is designed to run any current or future cryptographic algorithms. Algorithms for key recovery also can be used. "Keys" are strings of computer code that lock and unlock data. Key recovery is a method that allows users to unscramble encrypted data if they lose their keys. Users can decide whether to use key recovery, based on personal needs or domestic -- or foreign -- government regulations. ICF cryptographic units, which can support keys of any length, are exportable because they are disabled until a Policy Activation Token activates them again. Policy Activation Tokens can be either a downloadable software module or a smart card. Policy Activation Tokens trigger particular algorithms for specific applications, based on needs. Additionally, ICF adapts easily to current government encryption policies, new encryption algorithms and changing key-recovery schemes. Customers who use ICF-based products are offered long-term investment protection, with rapid flexibility to meet changing needs." ICF is "International Cryptography Framework". The press release includes quotes from US and French government officials indicating that the new system will meet their needs. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |
Greg Broiles wrote:
HP has info on its new crypto stuff on the web now:
One of the subheadings in the white paper: "Toward a New Commercial Order." Ya gotta love it. A lot of the security (that is, "security" from the point of view of nervous Federales) seems to rely on certificates and tokens that are supposedly spoof-proof (I guess). Looks to me as if application certificates will be rather difficult to protect from being "abused". It's also not clear to me how they'd prevent my flying to Luxembourg, getting a Policy token that allows any & all crypto functions, and then flying my butt back to Singapore for an encryption party. ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5@tivoli.com mailto:m101@io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different!
Greg wrote:
Sounds to me like they want to be able to turn off strong crypto the way they can turn off high-detail GPS during politically/militarily sensitive events.
That's my analysis as well. That, and we will see crypto strength based on the application. Credit card numbers get 3DES, email gets 40bit RC4. [...]
Users can decide whether to use key recovery, based on personal needs or domestic -- or foreign -- government regulations.
The decision which type of crypto to use is not solely up to the user. If it was, a non-US user could just decide to turn on strong crypto. The Policy Token must therefore contain a field indicating GAK is "optional" or mandatory. What does this mean? Policy tickets are served from central Policy Servers. Foreigners only get servers that will turn GAK on by default. US users get servers, run by an unspecified agency, that will initially send tickets with a "GAK optional" value. This value can be changed to "GAK mandatory" in times of national emergencies, suspected terrorist activities, suspicious behavior, you know the drill. Flip a central switch, and all crypto goes from "non-GAK" to "GAK". Which of course makes it GAK from the outset. --Lucky
At 1:26 PM -0600 11/18/96, Mike McNally wrote:
A lot of the security (that is, "security" from the point of view of nervous Federales) seems to rely on certificates and tokens that are supposedly spoof-proof (I guess). Looks to me as if application certificates will be rather difficult to protect from being "abused". It's also not clear to me how they'd prevent my flying to Luxembourg, getting a Policy token that allows any & all crypto functions, and then flying my butt back to Singapore for an encryption party.
Or using the method someone (Duncan?) suggested a few years ago: recruit a bunch of derelicts and winos and other such "invisibles" to apply for Official Permissions in their own True Names, pay them off with the bottle of Thunderbird promised them, and, voila!, one has a unique Official Permission (policy card, for example). Absent biometric identification or other complicated verification (such as geographic methods...I'm dubious), I can't see how this wouldn't work. (And I think there will be dozens of other ways to subvert the H-P/Intel system.) --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (4)
-
Greg Broiles -
Lucky Green -
Mike McNally -
Timothy C. May