NRC Cryptography Report:

Bill Frantz frantz at netcom.com
Fri May 31 04:45:01 PDT 1996


Some dumb questions from a citizen.

Note: Recommendation summaries are from "Fight-Censorship Dispatch #11:
Landmark Crypto Study Released", posted by Declan McCullagh
<declan at eff.org>.  Thanks Declan.

>Recommendation 4:  Export controls on cryptography should be
>progressively relaxed but not eliminated.
>
>        4.1 -- Products providing confidentiality at a level that
>        meets most general commercial requirements should be easily
>        exportable.  Today, products with encryption capabilities that
>        incorporate 56-bit DES provide this level of confidentiality
>        and should be easily exportable.

How do you reconcile this recommendation with the recommendation of the
Cryptography experts group that data which needs to be kept secret for 20
years should be protected by at least 90 bit keys?

The current export restrictions inhibit using strong crypto domestically. 
How do this recomendation free domestic crypto for commercial development? 
Another way of asking is, how can strong crypto be distributed in the US so
as to preclude prosecution for exporting it?  How do future export controls
affect software posted to FTP/web sites?

>
>        5.3 -- To better understand how escrowed encryption might
>        operate, the U.S. government should explore escrowed
>        encryption for its own uses.  To address the critical
>        international dimensions of escrowed communications, the U.S.
>        government should work with other nations on this topic.

How do government experiments with key recovery systems help us learn about
their vulnerablities to human level attacks, e.g. bribery?  How much
negotiable value will these government systems carry?

How will GAKed systems protect US business from spying by foreign
governments?  France is rumored to be particularly active in commercial
spying, and will want access to all keys used in France.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA








More information about the cypherpunks-legacy mailing list