Chaffing and winnowing
Mark Rosen
mrosen at peganet.com
Wed May 13 15:46:22 PDT 1998
> Mark> ... g. Data authentication equipment that calculates a
> Mark> Message Authentication Code (MAC) or similar result to
> Mark> ensure no alteration of text has taken place, or to
> Mark> authenticate users, but does not allow for encryption of
> Mark> data, text or other media other than that needed for the
> Mark> authentication;
>
>But wasn't that the gist of Rivest's paper: he's not encrypting the
>message, he's just obscuring it really, really well.
>
>All this needs someone with the cash & the time to push it to court...
>
Actually, the first parts I quoted applied to chaffing and winnowing
too:
a. Designed or modified to use ``cryptography'' employing digital techniques
to ensure ``information security'';
b. Designed or modified to perform cryptanalytic functions;
c. Designed or modified to use ``cryptography'' employing analog techniques
to ensure ``information security'';
Part a. basically prevents any sort of "encryption" technique, whether
that technique uses a normal encryption algorithm, a hash function, or
quantum cryptography -- anything that can be used for "information security"
I think that the NSA knew about chaffing and winnowing, and they talked
with the people who wrote the EAR and helped them make the legislation cover
chaffing and winnowing.
Please know that I, in no way, like the EAR; it just seems that
everyone's hopes that chaffing and winnowing gets around the export controls
are invalid. The EAR doesn't care *how* you do the encryption, it only cares
that some sort of "encryption" was performed.
Are there any legal-types out there that can give a more definitive
answer?
- Mark Rosen
http://www.mach5.com/
More information about the cypherpunks-legacy
mailing list