At 2:16 PM -0400 7/15/97, ptharrison wrote, on e$@thumper.vmeng.com:

-----BEGIN PGP SIGNED MESSAGE-----

At 11:49 AM 7/15/97 -0400, VERISIGN PR wrote:

...

--------------------------------------------------------------------- ...allowing approved organizations to use 128-bit encryption ... U.S.-based companies -- with servers located in the U.S. -- and international banks -- with servers located in the US and abroad -- ... was granted approval after review and consultation from the National Security Agency (NSA) and Federal Bureau of Investigation (FBI). ...Companies will not need to escrow their keys in order to take advantage of this program. ...VeriSign...can ensure that...Global Server IDs will only be granted to >

...

legitimate businesses that meet the necessary U.S. government qualifications Thanks to the cooperation of the U.S. government, we are now able to offer law-> abiding companies a legal alternative for secure communication and commerce." ... MICROSOFT said Mike Dusche, "The U.S. government is sending a strong message to the world by approving these applications and we're happy to be working with them...

Yes, and what might that message be?

With this announcement, it has become clear to me what the US government is attempting to do. They are relaxing the export of strong crypto -- if you use a US-based certification authority. Why does this matter? Look at the Kerry bill. My guess is that they already know that Verisign will go along with a key escrow requirement, in exchange for protection from liability, and so their goal now is to put Verisign in the loop as much as possible. I started to think of the loopholes this could create -- US companies outsourcing web sites for foreign companies, etc. Then I realized: IT DOESN'T MATTER, as far as the US government is concerned, because they're going to have those keys escrowed. The Kerrey bill may not pass this go-around, but they are counting on something like this. The hard part, now, is to figure out how to explain this to industry, public and the press, without sounding like raving lunatics. We meed to make it more concrete. Remind people that certificates expire every year, and point them at the Kerrey legislation. Ask foreign banks how they feel about their transactions being fully accessible to the US government -- or anyone capable of bribing a low-level functionary in the US government. --Steve PGP mail preferred, see http://web.mit.edu/network/pgp.html PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear (N7ZEZ) | Internet: azur@netcom.com 7075 West Gowan Road | Voice: 1-702-658-2654 Suite 2148 | Fax: 1-702-658-2673 Las Vegas, NV 89129 | --------------------------------------------------------------------- God grant me the serenity to accept the things I cannot change; The courage to change the things I can; The weapons that make the difference; And the wisdom to hide the bodies of the people that got in my way;-) "Surveilence is ultimately just another form of media, and thus, potential entertainment." --G. Beato "We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true." -- Dr. Robert Silensky