To: "Frank O'Dwyer" <fod@fws.ilo.dec.com> cc: firewalls@GreatCircle.COM (Firewalls Mailing List) From: Justin Mason <jmason@iona.ie> Subject: BoS: Re: International Encryption Protocols Frank O'Dwyer sez:

After all, if the CoCom countries _weren't_ willing to sell each other crypto equipment, how could they spy on one another? :-)

(Actually the :-) may not be necessary - I believe there was a story in the news recently about the UK 'authorities' snooping on Irish official traffic carried on UK-supplied equipment.)

Almost right -- it was the UK surveillance service (GCHQ) snooping on Irish official traffic carried on US-supplied crypto equipment. Apparently, the equipment in question had a "back door", courtesy of the NSA; when GCHQ found out that the Irish govt were using this equipment, they had only to ask their NSA pals for the details. I only heard the details myself via a popular-science program on crypto ;), so the so-called back door may not have been a deliberately weakened algorithm, it may have been a set of keys from an key-escrow repository or some such. --j. Weld Pond - weld@l0pht.com - http://www.l0pht.com/~weld L 0 p h t H e a v y I n d u s t r i e s Technical archives for the people - Bio/Electro/Crypto/Radio