Anonymous (nobody@replay.com)
Sat, 6 Feb 1999 02:54:03 +0100

> While this looks like good clean fun, the catch will likely come during the
> famous "one-time review" at BXA, wherein they defenestrate the written
> regulations and decide whether you've given them enough information to
> break the system with no more effort than it would take them to break DES.
> If their answer's "no", then your export application is rejected. I
> predict it doesn't matter whether you're using an RSA key that's the same
> length as the RSA key the regs say is OK, if it doesn't let them break the
> traffic. Since the system does do encryption, they claim you need to have
> it reviewed.

I think of it as just another demonstration of the hilarity of export
regulations. I'm not under the illusion that the system is exportable as a
unit, but I think it nonetheless further supports the point that "harmless"
cryptography can't be separated from the hearty, human-rights-enhancing
variety; it's another way strong confidentiality can consist entirely of
exportable components which can trivially be snapped together.

To clarify, I'd say c&w is better in the context of an actual export, because
you can send out one thing, but RSA as a block cipher isn't useless, because it
exposes as inconsequential another kind of selective regulation.

Among the types of things that would have to be non-exportable to prevent
snap-together confidentiality are MACs (c&w or OFB/CFB usage), high-quality
pseudorandom number generators (stream ciphers waiting to happen),
authentication algorithms (c&w), and weak public-key algorithms (usable as
block ciphers).

...
>
> --
> Jim Gillogly
> Trewesday, 15 Solmath S.R. 1999, 22:11
> 12.19.5.16.10, 4 Oc 3 Pax, Sixth Lord of Night
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:26
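
An added illustration, not part of the original message, of the c&w (chaffing and winnowing) construction the message refers to: the sender uses only HMAC, an authentication primitive, and never encrypts, yet only a holder of the MAC key can recover the message. The packet layout, the 8-byte tag truncation and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 8  # bytes of truncated HMAC-SHA256 per packet (assumed parameter)


def _tag(key, serial, bit):
    # MAC over (serial number, bit value); this is authentication only.
    msg = serial.to_bytes(8, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def _bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _bytes(bits):
    return bytes(
        sum(b << (7 - i) for i, b in enumerate(bits[n:n + 8]))
        for n in range(0, len(bits), 8)
    )


def chaff_and_send(key, data):
    """Sender: emit two cleartext packets (serial, bit, tag) per message bit.
    The real bit ("wheat") carries a valid MAC; the complementary bit
    ("chaff") carries a random tag indistinguishable without the key."""
    packets = []
    for serial, bit in enumerate(_bits(data)):
        pair = [
            (serial, bit, _tag(key, serial, bit)),
            (serial, bit ^ 1, secrets.token_bytes(TAG_LEN)),
        ]
        if secrets.randbits(1):  # shuffle so packet order leaks nothing
            pair.reverse()
        packets.extend(pair)
    return packets


def winnow(key, packets):
    """Receiver: keep only packets whose MAC verifies, discard the chaff."""
    bits = {}
    for serial, bit, tag in packets:
        if hmac.compare_digest(tag, _tag(key, serial, bit)):
            bits[serial] = bit
    return _bytes([bits[i] for i in sorted(bits)])
```

An observer without the key sees both a 0 and a 1 for every serial number; the MAC key is the only thing that separates wheat from chaff.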