Re: GAK Flap Happening at a Good Time--Journalists Read!
At 03:01 AM 12/1/95 -0800, Timothy C. May wrote:
I hope the media types reading now will attend the December 5th (I think...details should be available) gathering on "key escrow" in Washington. D.C. This should be a fiery meeting, especially if the Netscape reps (I assume someone from Netscape will be attending, given their central role in the all-important Web world) either denounce GAK or support GAK.
I will prepare the netscape dehanced dirty pictures web page, but not advertize the URL until shortly after December 5th. I hope to hear a suitable "clarification" before then. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd@echeque.com
James A. Donald wrote:
At 03:01 AM 12/1/95 -0800, Timothy C. May wrote:
I hope the media types reading now will attend the December 5th (I think...details should be available) gathering on "key escrow" in Washington. D.C. This should be a fiery meeting, especially if the Netscape reps (I assume someone from Netscape will be attending, given their central role in the all-important Web world) either denounce GAK or support GAK.
I will prepare the netscape dehanced dirty pictures web page, but not advertize the URL until shortly after December 5th.
I hope to hear a suitable "clarification" before then.
See my recent message to this list. We will be taking an anti-GAK position. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
Black Unicorn wrote:
On Fri, 1 Dec 1995, Jeff Weinstein wrote:
James A. Donald wrote:
I will prepare the netscape dehanced dirty pictures web page, but not advertize the URL until shortly after December 5th.
I hope to hear a suitable "clarification" before then.
See my recent message to this list. We will be taking an anti-GAK position.
So you will refuse to implement GAK in future version of netscape then? Or you will merely do lipservice to the GAK policies at the conference?
I think the distinction is quite key.
If the law requires GAK, then I believe that we will implement it rather than just disable encryption. We are taking a position against GAK and will continue to lobby against it. We are planning to continue to do both US and Export versions, so I don't think that the government's ploy of trying to lure companies into weakening their domestic versions will work. We released a 128-bit version of our product almost a year ago, at a time when many companies were providing only weak crypto in their domestic products so that they didn't have to trouble themselves with two versions. We are actively lobbying in washington to get clarification of the current regulations so that we can provide the US version via an "export controlled" FTP or HTTP download. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
On Fri, 1 Dec 1995, Jeff Weinstein wrote:
See my recent message to this list. We will be taking an anti-GAK position.
So you will refuse to implement GAK in future version of netscape then? Or you will merely do lipservice to the GAK policies at the conference?
I think the distinction is quite key.
If the law requires GAK, then I believe that we will implement it rather than just disable encryption. We are taking a position against GAK and will continue to lobby against it. We are planning to continue to do both US and Export versions, so I don't think that the government's ploy of trying to lure companies into weakening their domestic versions will work.
AT&T seems to have been suitably 'incentivized' The receipt of government funding (in whatever guise) might be just as powerful in this case. To the outsider, it looks as if Netscape 'owes' the government.
We released a 128-bit version of our product almost a year ago, at a time when many companies were providing only weak crypto in their domestic products so that they didn't have to trouble themselves with two versions.
And this is impressive. Stamina, however, is much more difficult.
We are actively lobbying in washington to get clarification of the current regulations so that we can provide the US version via an "export controlled" FTP or HTTP download.
With which firm? Or have you made it an in-house effort?
--Jeff
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
--- "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
With which firm? Or have you made it an in-house effort?
There was no Netscape (or RSADSI, for that matter [an RSADSI employee showed up, but it was on his own time]) representative at the recent Bernstein hearing in SF. I think that shows how much they really care. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
On Sat, 2 Dec 1995, sameer wrote:
With which firm? Or have you made it an in-house effort?
There was no Netscape (or RSADSI, for that matter [an RSADSI employee showed up, but it was on his own time]) representative at the recent Bernstein hearing in SF. I think that shows how much they really care.
While I suspected this, I don't think we needed it to show us how much they really care. It seems fairly obvious from the outset.
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
sameer wrote:
With which firm? Or have you made it an in-house effort?
There was no Netscape (or RSADSI, for that matter [an RSADSI employee showed up, but it was on his own time]) representative at the recent Bernstein hearing in SF. I think that shows how much they really care.
How would having an official representative from Netscape in the audience have influenced the outcome of the proceedings? I would have liked to attend, but was in the process of trying to get a beta release out at the time. Do you honestly believe that the only people who want Bernstein to win are those who were present in the court room that day? Not even Dan himself was there. Does that mean that he doesn't care about the outcome of the case? --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
How would having an official representative from Netscape in the audience have influenced the outcome of the proceedings? I would
It's called moral support for our lawyers. Cindy mentioned after the hearing at lunch how much it helped to have people in the audience. Having official people from industry would probably have helped her morale even more.
have liked to attend, but was in the process of trying to get a beta release out at the time.
Ah, I see, so the short-term goal of making sure a beta release isn't one day late takes precedence over the long term future of cryptography. (And, essentially, your company's long term profits.) -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org/ (or login as "guest") sameer@c2.org
Black Unicorn wrote:
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
On Fri, 1 Dec 1995, Jeff Weinstein wrote:
See my recent message to this list. We will be taking an anti-GAK position.
So you will refuse to implement GAK in future version of netscape then? Or you will merely do lipservice to the GAK policies at the conference?
I think the distinction is quite key.
If the law requires GAK, then I believe that we will implement it rather than just disable encryption. We are taking a position against GAK and will continue to lobby against it. We are planning to continue to do both US and Export versions, so I don't think that the government's ploy of trying to lure companies into weakening their domestic versions will work.
AT&T seems to have been suitably 'incentivized' The receipt of government funding (in whatever guise) might be just as powerful in this case.
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
We released a 128-bit version of our product almost a year ago, at a time when many companies were providing only weak crypto in their domestic products so that they didn't have to trouble themselves with two versions.
And this is impressive. Stamina, however, is much more difficult.
We are actively lobbying in washington to get clarification of the current regulations so that we can provide the US version via an "export controlled" FTP or HTTP download.
With which firm? Or have you made it an in-house effort?
We have recently hired a government liason person to manage our policy discussions with the government. He is one of the people that will be talking to congressional and white house representatives next week. I don't know if we have made use of any outside lobbying firms. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
Black Unicorn wrote:
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
AT&T seems to have been suitably 'incentivized' The receipt of government funding (in whatever guise) might be just as powerful in this case.
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
Obviously it was significant enough to take. It was also a perfect opportunity for Netscape to express concerns about the future of the technology, which is in netscape's interest. The astute deal maker would be happy to work with the NSA on his own terms. Instead, it would appear that Netscape is working FOR NSA on their terms.
I wasn't aware that you were privy to the details of the contract.
We are actively lobbying in washington to get clarification of the current regulations so that we can provide the US version via an "export controlled" FTP or HTTP download.
With which firm? Or have you made it an in-house effort?
We have recently hired a government liason person to manage our policy discussions with the government. He is one of the people that will be talking to congressional and white house representatives next week. I don't know if we have made use of any outside lobbying firms.
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists.
I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy.
We are asking for both. We want to know what we have to do to make our US version available for FTP download to everyone who is legally allowed to use it, without violating the current law. We also want the export restrictions removed so that we can ship the same stuff to other countries. The former is a short term goal while the latter will likely turn into a longer term effort.
Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever."
So you consider not breaking the law to be "rolling over"? You have the luxury of hiding behind anonymity. We don't.
and "By the way, what is the rule on exporting software again?"
Doesn't everyone want to know this? Do you think that the ITAR is clear about the meaning of "export" in the case of FTP and the internet?
I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
Four months ago we did not have lots of money in the bank. People seem to forget that this still a young and small company. Perhaps the current valuation is blinding obscuring this. Now that we have more resources at our disposal hopefully we can help make a difference. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
On Sun, 3 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
Obviously it was significant enough to take. It was also a perfect opportunity for Netscape to express concerns about the future of the technology, which is in netscape's interest. The astute deal maker would be happy to work with the NSA on his own terms. Instead, it would appear that Netscape is working FOR NSA on their terms.
I wasn't aware that you were privy to the details of the contract.
Tell me it included discussion about the future of the technology, and that at some time during the negotiations the prospect of GAK and netscape's concern over the direction of it was discussed. In the alternative, shut up. It doesn't take a legal genius to figure out what went on in these negotiations. I've been there. I know what the agendas are, and it's clear GAK was not one of them. Either show me otherwise or sit down. (And by the way, to brag and make you eat crow, I have seen portions of the agreement, and your legal staff is as full of leaks as the titanic. You would be wise to pull that card only when you are sure it's not been exposed. Your agreement is another reason I pulled my stock. My biggest regret is that I don't trust my anonyminity enough to publish the portions I have).
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists.
I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy.
We are asking for both. We want to know what we have to do to make our US version available for FTP download to everyone who is legally allowed to use it, without violating the current law. We also want the export restrictions removed so that we can ship the same stuff to other countries. The former is a short term goal while the latter will likely turn into a longer term effort.
At no time in here do I hear that you will be actively taking an 'anti-GAK' position. That is, that GAK is counterproductive, against the interests of the industry and that Netscape is going to take a stand on GAK because it is wrong for the industry as a whole. I don't care what your position is on GAK, I've already sold my stock in your spineless company. What I care about is exactly what kind of snowjob you are perpetrating after the fact while claiming to be one of us.
Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever."
So you consider not breaking the law to be "rolling over"?
You seem to think the only options are: 1. Roll over. 2. Break the law. This is where you fail. The other option is active work to discourage a GAK system on the whole as a farce, and unenforceable, thus a waste and a burden to the industry (which in my view, it is). Unfortunately, Netscape is too interested, clearly, in not rocking the boat while the gold is on board. Again, this is fine, so long as you don't come to us claiming to be the peacemaker. That's crap.
You have the luxury of hiding behind anonymity. We don't.
No apologies necessary.
and "By the way, what is the rule on exporting software again?"
Doesn't everyone want to know this? Do you think that the ITAR is clear about the meaning of "export" in the case of FTP and the internet?
No. I don't care what is. As long as it is not "we know strong crypto is inevitable, and thus we cannot hope to enforce a lesser standard," then it is clearly unacceptable - (See Bill Gates, who despite my provincial mac preference, has earned my investment dollar ten times over on ethics issue v. netscape. I hope you realize exactly what that means).
I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
Four months ago we did not have lots of money in the bank. People seem to forget that this still a young and small company. Perhaps the current valuation is blinding obscuring this. Now that we have more resources at our disposal hopefully we can help make a difference.
All the smallest violins in the world are, I am sure, playing for you. You'd make a difference if you would evolve to the point where you have a backbone. Given your position in the short lived 'hype' of the high tech market, I would think you would make as much of your time in the spotlight as you could. Especially if the market ever wises up to the snowjob you are doing. (I speak of the company, if not the individual, not that I doubt either of the capacity individually).
--Jeff
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
AT&T seems to have been suitably 'incentivized' The receipt of government funding (in whatever guise) might be just as powerful in this case.
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
Obviously it was significant enough to take. It was also a perfect opportunity for Netscape to express concerns about the future of the technology, which is in netscape's interest. The astute deal maker would be happy to work with the NSA on his own terms. Instead, it would appear that Netscape is working FOR NSA on their terms.
We are actively lobbying in washington to get clarification of the current regulations so that we can provide the US version via an "export controlled" FTP or HTTP download.
With which firm? Or have you made it an in-house effort?
We have recently hired a government liason person to manage our policy discussions with the government. He is one of the people that will be talking to congressional and white house representatives next week. I don't know if we have made use of any outside lobbying firms.
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists. I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy. Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever." and "By the way, what is the rule on exporting software again?" I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
--Jeff
-- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
On Sat, 2 Dec 1995 20:16:08 -0500 (EST), Black Unicorn <unicorn@schloss.li> wrote:
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
AT&T seems to have been suitably 'incentivized' The receipt of government funding (in whatever guise) might be just as powerful in this case.
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
Obviously it was significant enough to take. It was also a perfect opportunity for Netscape to express concerns about the future of the technology, which is in netscape's interest. The astute deal maker would be happy to work with the NSA on his own terms. Instead, it would appear that Netscape is working FOR NSA on their terms.
If you read what they had to say about this, you know that they are hoping others will create non-escrowed crypto hardware using the same interface. I see no reason for them to not include support for any available hardware system (even if it includes GAK), as long as they continue to support non-escrowed encryption internally. This allows the customer to decide that they have no problem with GAK and use the external system, or use the internal system and not have GAK.
We are actively lobbying in washington to get clarification of the current regulations so that we can provide the US version via an "export controlled" FTP or HTTP download.
With which firm? Or have you made it an in-house effort?
We have recently hired a government liason person to manage our policy discussions with the government. He is one of the people that will be talking to congressional and white house representatives next week. I don't know if we have made use of any outside lobbying firms.
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists.
I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy.
Until the current policy is clearly defined it is like a moving target. Once the government has been pinned down to a single policy, it will be much easier to dispute their policies. Currently the government can say anything they want about their enforcement of ITAR, because they have not stated a clear set of rules with regard to it. Once they have set clear rules, those rules can be shown to be overly restrictive or even unenforceable. Also, lawyers usually advise clients based on a worst case scenario, thus when the government is unclear on its rules, the lawyers advise their clients based upon the worst possible interpretation of the law. This is done to protect their client. By not stating a policy, the government is making that worst case happen, without having to be the bad guy by actually attempting to enforce such a policy.
Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever." and "By the way, what is the rule on exporting software again?"
I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
I think you are being too critical, they have done more than any company I know of to make easy to use crypto widely available. They may be willing to obey the laws if they require GAK, but I do not feel that they are just rolling over either. I strongly oppose GAK, but I do not believe that no crypto is better than GAK crypto. I would rather keep some people out than nobody out. Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine. "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche
On Sun, 3 Dec 1995, Dan Weinstein wrote:
On Sat, 2 Dec 1995 20:16:08 -0500 (EST), Black Unicorn <unicorn@schloss.li> wrote:
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
Obviously it was significant enough to take. It was also a perfect opportunity for Netscape to express concerns about the future of the technology, which is in netscape's interest. The astute deal maker would be happy to work with the NSA on his own terms. Instead, it would appear that Netscape is working FOR NSA on their terms.
If you read what they had to say about this, you know that they are hoping others will create non-escrowed crypto hardware using the same interface. I see no reason for them to not include support for any available hardware system (even if it includes GAK), as long as they continue to support non-escrowed encryption internally. This allows the customer to decide that they have no problem with GAK and use the external system, or use the internal system and not have GAK.
I read it quite carefully. I just was not as easily taken in by the double speak as you were. Hoping others will do something is about as useful as sitting on your thumb. Netscape is in a position to make some policy impact here. If they insist on going another way, I want to hear why, not that they are all on our side and we should be nice because really we're all in this together, and afterall, Netscape isn't such a bad lot. They can support whoever they like. I just want to hear WHY. More importantly, I don't want to be snowed with some horse hockey answer. It insults my intelligence. Yours was obviously unaffected.
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists.
I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy.
Until the current policy is clearly defined it is like a moving target. Once the government has been pinned down to a single policy, it will be much easier to dispute their policies. Currently the government can say anything they want about their enforcement of ITAR, because they have not stated a clear set of rules with regard to it. Once they have set clear rules, those rules can be shown to be overly restrictive or even unenforceable.
I believe you actually think you are teaching me something here. I said before, and I will say again. If Netscape is against GAK, then let them be AGAINST GAK. If they are just going to try and finesse their way into the market without making to many waves, let's hear it that way instead of some crap about how they are 'lobbying actively against GAK' (Which I might point out, is an assertion that fell apart at the most basic prodding).
Also, lawyers usually advise clients based on a worst case scenario, thus when the government is unclear on its rules, the lawyers advise their clients based upon the worst possible interpretation of the law. This is done to protect their client. By not stating a policy, the government is making that worst case happen, without having to be the bad guy by actually attempting to enforce such a policy.
I really think you are pompus enough to think you are teaching people things they don't know here. I invite you to re-read the entire conversation and discover, as an exercise, that the issue is not what the government is or is not doing, but what netscape is or is not doing. I could care about Netscape's loose-lipped lawyers.
Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever." and "By the way, what is the rule on exporting software again?"
I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
I think you are being too critical, they have done more than any company I know of to make easy to use crypto widely available.
0 + .00001 = .00001 Yes, just as last time you checked, .00001 is still more than 0.
They may be willing to obey the laws if they require GAK, but I do not feel that they are just rolling over either. I strongly oppose GAK, but I do not believe that no crypto is better than GAK crypto. I would rather keep some people out than nobody out.
Your ignorance is assuming that the options you present are the only options available. JW made the same mistake. In logical discourse this is called "narrowing the field." It's a version of the 'straw man' and a classic flaw in logical argument.
Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine.
"I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No.
This has got to be the most ironic of signatures I have ever seen. Why don't you begin to apply the cute quotes you put in your .sig to real life and tell Netscape to grow a backbone and say 'No.' to GAK?
Friedrich Nietzsche
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
On Sun, 3 Dec 1995 06:20:52 -0500 (EST), you wrote:
On Sun, 3 Dec 1995, Dan Weinstein wrote:
On Sat, 2 Dec 1995 20:16:08 -0500 (EST), Black Unicorn <unicorn@schloss.li> wrote:
On Sat, 2 Dec 1995, Jeff Weinstein wrote:
Black Unicorn wrote:
To the outsider, it looks as if Netscape 'owes' the government.
We do owe the government. They have paid us for Servers and Clients that support Fortezza. That is what we owe them. The money that the NSA gave us for Fortezza is not very significant compared to what we are getting from commercial sources.
Obviously it was significant enough to take. It was also a perfect opportunity for Netscape to express concerns about the future of the technology, which is in netscape's interest. The astute deal maker would be happy to work with the NSA on his own terms. Instead, it would appear that Netscape is working FOR NSA on their terms.
If you read what they had to say about this, you know that they are hoping others will create non-escrowed crypto hardware using the same interface. I see no reason for them to not include support for any available hardware system (even if it includes GAK), as long as they continue to support non-escrowed encryption internally. This allows the customer to decide that they have no problem with GAK and use the external system, or use the internal system and not have GAK.
I read it quite carefully. I just was not as easily taken in by the double speak as you were.
I see, you cannot say that they are really supporting GAK based upon the actual statements made, so you simply assert it.
Hoping others will do something is about as useful as sitting on your thumb.
Yes, but making something an economically viable venture is very useful. That is what they have done. They have implemented an interface into a widely available piece of software. This makes it much more economically viable for others to implement strong crypto into another product using the same interface.
Netscape is in a position to make some policy impact here. If they insist on going another way, I want to hear why, not that they are all on our side and we should be nice because really we're all in this together, and afterall, Netscape isn't such a bad lot.
Jeff Weinstein has said that Netscape is drafting an official position paper and that it would be available in the near future. If Netscape lives up to this, we will soon enough have the companies position and not just that of two employees (Jeff Weinstein and Jim Clark). Why do you feel you must jump to judge the company based on the opinions of two of its employees? This is especially questionable when one is clearly stating that the company is against GAK and the other is at worst being unclear. If you feel they are being contradictory, wait a week and look at their policy statement then decide.
They can support whoever they like. I just want to hear WHY. More importantly, I don't want to be snowed with some horse hockey answer. It insults my intelligence. Yours was obviously unaffected.
Wait a week and read their official statement then decide. You accuse me of logical fallacies, but then argue through insult and assertion. You have not pointed to a single fact or any contradictory statements in posts to this list. I will admit that Jim Clark was somewhat unclear, but I attribute this to the fact that the official company position is as yet not written and thus he is attempting to remain somewhat neutral.
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists.
I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy.
Until the current policy is clearly defined it is like a moving target. Once the government has been pinned down to a single policy, it will be much easier to dispute their policies. Currently the government can say anything they want about their enforcement of ITAR, because they have not stated a clear set of rules with regard to it. Once they have set clear rules, those rules can be shown to be overly restrictive or even unenforceable.
I believe you actually think you are teaching me something here.
You asked why they wanted clarification and I simply responded.
I said before, and I will say again. If Netscape is against GAK, then let them be AGAINST GAK. If they are just going to try and finesse their way into the market without making to many waves, let's hear it that way instead of some crap about how they are 'lobbying actively against GAK' (Which I might point out, is an assertion that fell apart at the most basic prodding).
Wait a week. As far as their lobbying assertion falling apart, I must have missed this. My understanding is that: A) They support several industry groups that are taking an active position in opposition to GAK. B) They have until very recently had only very limited resources. C) Have just recently hired an in house lobbyist. D) That they did not attend the Bernstein hearing. Now given point B, I see no reason to expect that they would in the past have done much more than they have. Given point C, I see they are currently expanding their lobbying. If point D is the measure of crypto correctness, then I to am guilty. Though I do not live in the vicinity, I guess I should have been expected to fly up to lend my moral support. Bovine excrement.
Also, lawyers usually advise clients based on a worst case scenario, thus when the government is unclear on its rules, the lawyers advise their clients based upon the worst possible interpretation of the law. This is done to protect their client. By not stating a policy, the government is making that worst case happen, without having to be the bad guy by actually attempting to enforce such a policy.
I really think you are pompus enough to think you are teaching people things they don't know here.
Again, you asked, I answered. I did not expect that this would be new to anyone on the list, but you asked.
I invite you to re-read the entire conversation and discover, as an exercise, that the issue is not what the government is or is not doing, but what netscape is or is not doing. I could care about Netscape's loose-lipped lawyers.
You seem very concerned about what Netscape is doing, and as such should be concerned about what their lawyers are _forced_ to tell them. I understand that the discussion is about Netscape not the government, but discussing actions without discussing motives is useless.
Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever." and "By the way, what is the rule on exporting software again?"
I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
I think you are being too critical, they have done more than any company I know of to make easy to use crypto widely available.
0 + .00001 = .00001
Yes, just as last time you checked, .00001 is still more than 0.
My point is that you are too quick to call your recent ally an enemy. You may not see what Netscape has done as important, but I believe that many do (including me). They are supposed to have integrated e-mail crypto in the final release of Navigator 2.0. I will remind you that Jeff Weinstein has said that this will not include GAK.
They may be willing to obey the laws if they require GAK, but I do not feel that they are just rolling over either. I strongly oppose GAK, but I do not believe that no crypto is better than GAK crypto. I would rather keep some people out than nobody out.
Your ignorance is assuming that the options you present are the only options available. JW made the same mistake. In logical discourse this is called "narrowing the field." It's a version of the 'straw man' and a classic flaw in logical argument.
I am not saying that the choice is between either no crypto or GAK crypto. I am saying that they have only said that they will go to GAK if the choice is between GAK crypto and no crypto. To the best of my knowledge they have not said that they would implement a GAK only product in any other situation. I think that this is reasonable, I do not think that we should let it come to this. We need to insure that they (or anyone else) are never put into that position. (and yes they should to.)
Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine.
"I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No.
This has got to be the most ironic of signatures I have ever seen.
Why don't you begin to apply the cute quotes you put in your .sig to real life and tell Netscape to grow a backbone and say 'No.' to GAK?
I sent a message to Netscape after reading the article that started this, It simply stated that I wanted clarification on their position on GAK and that if they were to support it they would lose a loyal customer. I have since been convinced by Jeff Weinstein's posts to this list that the company does not support GAK, and in fact they oppose it. You would do better to spend less time insulting people and more time trying to support your arguments. Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine. "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche
On Mon, 4 Dec 1995, Dan Weinstein wrote:
On Sun, 3 Dec 1995 06:20:52 -0500 (EST), you wrote:
On Sun, 3 Dec 1995, Dan Weinstein wrote:
On Sat, 2 Dec 1995 20:16:08 -0500 (EST), Black Unicorn <unicorn@schloss.li> wrote:
If you read what they had to say about this, you know that they are hoping others will create non-escrowed crypto hardware using the same interface. I see no reason for them to not include support for any available hardware system (even if it includes GAK), as long as they continue to support non-escrowed encryption internally. This allows the customer to decide that they have no problem with GAK and use the external system, or use the internal system and not have GAK.
I read it quite carefully. I just was not as easily taken in by the double speak as you were.
I see, you cannot say that they are really supporting GAK based upon the actual statements made, so you simply assert it.
Again, you miss the point. Again, you twist the issue. I didn't say they were actively supporting GAK. I said they were not opposing it with anything like vigor. Show me now where I assert that "they are really supporting GAK." I see. You cannot say that I said that, so you simply assert it?
Hoping others will do something is about as useful as sitting on your thumb.
Yes, but making something an economically viable venture is very useful. That is what they have done. They have implemented an interface into a widely available piece of software. This makes it much more economically viable for others to implement strong crypto into another product using the same interface.
Uh... sure buddy. Let's not forget something here. Netscape is not removing itself from the role of crypto developer. Quite the reverse. They have purposefully included crypto in their product. They claim to be for strong crypto. I want to see more than words on that point. When I said waiting for someone else to do something was useless, I was refering to Netscape's "allow others to oppose GAK actively while we do a lot of hand wringing" attitude.
Netscape is in a position to make some policy impact here. If they insist on going another way, I want to hear why, not that they are all on our side and we should be nice because really we're all in this together, and afterall, Netscape isn't such a bad lot.
Jeff Weinstein has said that Netscape is drafting an official position paper and that it would be available in the near future.
You, unlike me, are willing to let that be enough. I will believe it when I see it. This basically amounts to "at some point in the 'near future' I will tell you what we will do in the 'near future after the near future.'" If Netscape
lives up to this, we will soon enough have the companies position and not just that of two employees (Jeff Weinstein and Jim Clark). Why do you feel you must jump to judge the company based on the opinions of two of its employees?
Why do you feel you must sit on your hands and wait for the world to decide your fate for you? Mr. Weinstein and Mr. Clark (I would hope) have some infulence in these matters. They have not (as far as I have seen) demonstrated to anyone that they have thought about them much. What precisely is it about my free-speech urges and taunt to energize them that frightens you? Am I too loud for your taste? Does the frige humming at night disturb you? This is especially questionable when one is
clearly stating that the company is against GAK and the other is at worst being unclear. If you feel they are being contradictory, wait a week and look at their policy statement then decide.
I would much rather try to get them to write the damn policy statement right in the first place than have to try and CHANGE a poor and intrenched policy once in place. Clearly you have not done much of this kind of work in business or government before.
They can support whoever they like. I just want to hear WHY. More importantly, I don't want to be snowed with some horse hockey answer. It insults my intelligence. Yours was obviously unaffected.
Wait a week and read their official statement then decide.
See above as to why this is foolish and lazy.
You accuse me of logical fallacies, but then argue through insult and assertion.
When the shoe fits....
You have not pointed to a single fact or any contradictory statements in posts to this list.
Again, you have missed the target, and the barn. I don't care about contradictory statements as much. I care about a lack of demonstrated effort. I have pointed to the absence of any single fact or statement that shows Netscape is really interested in trying to derail GAK, or promote strong crypto in anything like an active way. I will admit that Jim Clark was somewhat
unclear, but I attribute this to the fact that the official company position is as yet not written and thus he is attempting to remain somewhat neutral.
And it is in my interest, and in my view everyone's interest, for him to be less than neutral, and instead quite violently pro-strong-crypto and anti-GAK. It's called 'persuasion.'
I'd be interested to know what a 'government liason person' is. It sounds to me like an 'in house lobbist.' There is an old joke in the beltway about in house lobbists.
I also would like to know why you are actively lobbying for 'claification' rather than 'modification' of the current policy.
[Blah]
I believe you actually think you are teaching me something here.
You asked why they wanted clarification and I simply responded.
No, I asked why ONLY clarification, and NOT modification. Try reading the entire sentence.
I said before, and I will say again. If Netscape is against GAK, then let them be AGAINST GAK. If they are just going to try and finesse their way into the market without making to many waves, let's hear it that way instead of some crap about how they are 'lobbying actively against GAK' (Which I might point out, is an assertion that fell apart at the most basic prodding).
Wait a week.
See above yet again why I would rather not.
As far as their lobbying assertion falling apart, I must have missed this. My understanding is that:
A) They support several industry groups that are taking an active position in opposition to GAK.
"I'm all for those people who are for the troops in the gulf." Lot of good this does.
B) They have until very recently had only very limited resources.
My heart goes out. Today they have resources, let's see some action.
C) Have just recently hired an in house lobbyist.
No, they have hired a 'government liason person.' No one has explained with any detail what that means.
D) That they did not attend the Bernstein hearing.
Perhaps, perhaps not. I have no idea.
Now given point B, I see no reason to expect that they would in the past have done much more than they have.
Netscape has been nicely funded for quite a while in Washington business days. A lot happens there in the time they have been loafing. Given point C, I see they
are currently expanding their lobbying.
Uh... sure... and 0 + 1 is still only 1. Show me some serious effort. Name this expert lobbist who doubtlessly has a sparkling reputation. Why was an individual and not a firm hired? If point D is the measure of
crypto correctness, then I to am guilty.
Point D is of no real import to me. Though I do not live in the
vicinity, I guess I should have been expected to fly up to lend my moral support. Bovine excrement.
So. We have one guy in washington, (maybe, is he posted in washington?) and a lot of excuses. Adds up to: "Bovine excrement."
Also, lawyers usually advise clients based on a worst case scenario,
[Yadda yadda yadda]
I really think you are pompus enough to think you are teaching people things they don't know here.
Again, you asked, I answered. I did not expect that this would be new to anyone on the list, but you asked.
I think you need to read questions more carefully.
I invite you to re-read the entire conversation and discover, as an exercise, that the issue is not what the government is or is not doing, but what netscape is or is not doing. I could care about Netscape's loose-lipped lawyers.
You seem very concerned about what Netscape is doing, and as such should be concerned about what their lawyers are _forced_ to tell them.
I am more concerned about what Netscape is NOT doing. How this has anything to do with what the lawyers (none of whom to my knowledge are lobbists) think?
I understand that the discussion is about Netscape not the government, but discussing actions without discussing motives is useless.
A cute speech. Still doesn't change the fact that a little fluff seems to have quite effectively taken you in.
Netscape seems to be taking the position, "We'd love it if you'd let us do X, but we are happy to roll over for whatever." and "By the way, what is the rule on exporting software again?"
I am impressed that some effort is being made. I think it in the form of 'too little, too late.' But hey, who am I?
I think you are being too critical, they have done more than any company I know of to make easy to use crypto widely available.
0 + .00001 = .00001
Yes, just as last time you checked, .00001 is still more than 0.
My point is that you are too quick to call your recent ally an enemy.
Netscape was never my ally. They looked like a company worth investing in. For the time I held stock, they were. Their morass on this issue, and my general dislike for overhyped firms, made the investment less and less worth it to me. Netscape did about what was par for the course, include crypto in a product that is likely to be used for financial information. You think this is some great accomplishment? You only strengthen my view that you are easily impressed.
You may not see what Netscape has done as important, but I believe that many do (including me). They are supposed to have integrated e-mail crypto in the final release of Navigator 2.0. I will remind you that Jeff Weinstein has said that this will not include GAK.
I don't CARE what Netscape's past is. I care what Netscape is doing with the signifcant power and voice they have. I wonder if Netscape is selling out.
They may be willing to obey the laws if they require GAK, but I do not feel that they are just rolling over either. I strongly oppose GAK, but I do not believe that no crypto is better than GAK crypto. I would rather keep some people out than nobody out.
Your ignorance is assuming that the options you present are the only options available. JW made the same mistake. In logical discourse this is called "narrowing the field." It's a version of the 'straw man' and a classic flaw in logical argument.
I am not saying that the choice is between either no crypto or GAK crypto.
Now you need to read your answers more carefully. Look up 11 lines. I am saying that they have only said that they will go to GAK
if the choice is between GAK crypto and no crypto.
Read a few more lines up, where you say you don't think Netscape is rolling over. To the best of my
knowledge they have not said that they would implement a GAK only product in any other situation.
In fact they have said very little of anything. This is the point. Again, what rises to the level of an 'anti-GAK' position in your view astounds me. "Well, they didn't say they would implement GAK unless they had to." "Well, I'll stop all this drug trafficking if anyone tells me I have to." I think that this is reasonable, I do
not think that we should let it come to this. We need to insure that they (or anyone else) are never put into that position. (and yes they should to.)
Boy, sure seems like your ready to come out swinging! But let's wait a week, eh?
Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine.
"I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No.
This has got to be the most ironic of signatures I have ever seen.
Why don't you begin to apply the cute quotes you put in your .sig to real life and tell Netscape to grow a backbone and say 'No.' to GAK?
I sent a message to Netscape after reading the article that started this, It simply stated that I wanted clarification on their position on GAK and that if they were to support it they would lose a loyal customer. I have since been convinced by Jeff Weinstein's posts to this list that the company does not support GAK, and in fact they oppose it.
And what have they done to oppose it precisely? Show me something besides 'send a man down' or 'appoint a committee' or 'consider the issue for a pending policy release.' You would do better to spend less time insulting people
and more time trying to support your arguments.
And you need to read questions and your own statements before starting a reply.
Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine.
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
On Fri, 1 Dec 1995, Jeff Weinstein wrote:
James A. Donald wrote:
I will prepare the netscape dehanced dirty pictures web page, but not advertize the URL until shortly after December 5th.
I hope to hear a suitable "clarification" before then.
See my recent message to this list. We will be taking an anti-GAK position.
So you will refuse to implement GAK in future version of netscape then? Or you will merely do lipservice to the GAK policies at the conference? I think the distinction is quite key. Forgive the pun.
--Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
--- "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
On Sat, 2 Dec 1995, Black Unicorn wrote:
On Fri, 1 Dec 1995, Jeff Weinstein wrote:
See my recent message to this list. We will be taking an anti-GAK position.
So you will refuse to implement GAK in future version of netscape then? Or you will merely do lipservice to the GAK policies at the conference?
Can you say "shareholders derivative suit"???
I think the distinction is quite key.
Good one!
Forgive the pun.
--Jeff --
EBD
participants (7)
-
Black Unicorn -
Black Unicorn -
Brian Davis -
djw@pdcorp.com -
James A. Donald -
Jeff Weinstein -
sameer