Beyond way OT.... bobkoure wrote: > I remember when Clipper was introduced. Lots of folks were exercised > about it (I was working in Cambridge at the time - RMS was making a > really big deal about it). And then it just, basically... disappeared. > I hadn't realized that it was withdrawn because it could be made to be > -too- secure. Maybe that part got downplayed...(?)
I am not sure it was ever withdrawn. What happened was that at the NIS&T conference, every business interest, every speaker, every lobbyist, except two who had products to sell for Clipper/Skipjack, was against it. Key escrow is a fine idea, you use crypto to secure your data, and escrow the keys to someone trusted so if the guy managing it, say Pat, is gone to a tropical island, you can get access to the key, unlock your data and continue business. What was not fine was having some Government agency hold it, require that they hold it, and just ask you to 'trust us'. The many widely publicized problems with VA and Social Security losing laptops with huge amounts of private data, had not happened, but folks were still asking "trust you why?" What really happened is that Mark Shuttleworth and others made businesses selling strong crypto outside the US, and even the politicians decided that the idea that only programmers in the US could make ciphers became OBE. Shuttleworth made enough money to become a space tourist and start Ubuntu. Over time, the restrictions on strong crypto were loosened, and became unenforceable. All this was about protecting strong keys. Not keys that look random like the "TidCud02" example, but real random keys. The reality, and back to something vaguely on topic, is that most folks don't want the hassle of managing real strong keys. At least TidCud02 is a lot better than 'password' for a key Pat -- Pat Farrell http://www.pfarrell.com/ _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/discuss
