On Jan 4, 2008, at 12:50 PM, Thierry Moreau wrote:
Jon Callas wrote:
They let strong crypto through all the time. I can't imagine what
*technology* you couldn't get through.
Do you have an example of allowed strong crypto having good key
management and not already widely-implemented/easily-implementable
by competitors outside of the Wasseenar zone?
I'm sorry, but I don't understand the question. I've read it about
ten times and don't know what you're asking. Let me try to answer by
talking around it.
If you look at the basic components we have, the ciphers, hash
functions, and so on, they're all secure enough that a major
government can't crack them. Yes, we know that there are weaknesses
in lots of hash functions, but by now, we have a pretty good handle
on that. We know about how broken they are, and there are
workarounds. Furthermore, if you look at the push to fix this --
where is it coming from? NIST, NESSIE, etc.
If you look at the medium-level functions, like HMAC, salted hashing,
tweakable cipher modes, and so on, they are *more* secure. For
example, even if you don't like SHA-1, a SHA-1 HMAC is still
If you look at the protocols, like TLS, IPsec, OpenPGP, S/MIME, and
so on, they're also secure, because they assemble the reasonably
secure components together reasonably securely. Yes, we can have
discussions about some of them, but again, we know lots about their
security, and can actually discuss it rationally. It was much harder
to do that ten to twenty years ago.
All of these things are freely exportable. It's just a matter of
filling out paperwork.
I don't have an example of a cryptosystem that I'd actually want to
use that is non-exportable. And I'm sure that if someone made
something that is custom, it's exportable. I have direct evidence of
Back in 1999, when we were at Counterpane together, John Kelsey and I
created a set of incompatible Blowfish variants. We were going to use
them in TLS so that Counterpane gear would have its own little walled
garden. We could have used a family key, but this was fun, and also a
test of the export regime. Blowfish, as you may or may not know, has
some initialization constants that are hex digits of pi. These
"colorfish" ciphers used different digits of pi for the
initialization. I constructed the family of: Blackfish, Brownfish,
Redfish, Orangefish, Yellowfish, Greenfish, Bluefish, Indigofish,
Purplefish, Whitefish, Silverfish, Goldfish, Octarinefish, and
Plaidfish. I sent them for export and there wasn't a peep. Nothing.
These days, British Telecom owns them.
There are cryptosystems I know of from non-Wassenaar countries that I
wouldn't go near. I don't think they're very good. I don't care if
that's a matter of competence or malice; I'm not favorably impressed.
I am, however, quite sure they're exportable.
I don't have an example of any crypto technology that I would think
wouldn't be exportable.
Definitely, however, there are *people* who couldn't get an
export license because they've been bad in the past.
If one were to look emprircally at these *poeple*, is it possible
that, e.g. as if by chance, they would be designers of good crypto
having good key management and not widely-implemented/easily-
implementable by competitors outside the Wasseenar zone?
So the answer to your questions is that they're vetting who you
are far more than what you're exporting.
Do you mean that they judge whether your are competent to design
good crypto of the above type? Perhaps even they assess whether you
are "organizationally unimpeded" to do so?
No, I don't mean that. Crypto is a "dual use" technology. Most things
are dual use. There are obvious dual use things, like nuclear
materials, but video games are also dual use, as are milling
machines, laser diodes, navigation equipment, and so on. Basically,
if it's fun, it's dual use.
You have to have export licenses for dual use items. Sometimes the
license is very easy to get. In some cases, it is nothing more than
giving them your web logs if they ask for them and there's nothing
requiring you to keep them. (Most open source software falls here.)
Other times, there's more. For some people, like Ivan at OLPC and me
(at PGP), we jump through hoops we don't necessarily have to because
we don't want to end up on the wrong side of things.
If you violate export rules, there can be legal and administrative
penalties. The administrative penalties can be much worse, because
they can essentially just decide you can't ever export anything.
These days, I suspect this would also be a good way to end up on the
permanent SSSS list for flying.
When I took a course on all of this, I was told about a guy in the
import-export biz who was known for being able to get things into
countries with sanctions. Eventually, he was caught and never
prosecuted, but the "administrative" penalties against him mean that
he had to find a new career. He couldn't get an export license to
send an Xbox to Canada.
The Treasury Department maintains a list of Bad People. It's on the
web. Osama bin Laden is one of them, and so is this guy.
That's what I meant.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]