On Mon, Sep 24, 2001 at 01:52:01PM -0400, Lowell Bruce McCulley wrote:
> There's more here than meets the eye.
>
> For one thing, don't think that there won't be provisions made to
> allow for securing the big money transactions. The backdoors won't
> jeopardize them
I'm not a crypto expert, but the argument generally goes that if there
are back doors in your algorithms, the security is inherently weaker.
I can't speak to how much weaker... Additionally, you now must trust
that whatever organization holds keys in escrow has themselves not
been compromised and your keys stolen. That's a much bigger concern
for me.
Do YOU want to trust them? I sure don't.
> those players won't let that happen - it's the small fry who will
> bear the brunt of the jeopardy.
I would agree that the individual, or "small fry" as you put it, will
bear the most risk.
> Also, think about the details, the only folks who will be held to
> account are the law-abiding software companies. The terrorists (and
> other outlaws, like the cocaine cartels) will (and probably have
> already) cultivate their own local hackers to secure their own
> communications, sans backdoors.
Right, this is itself a great argument against crypto controls: they
won't make one iota of difference.
> This isn't a knee-jerk reaction without thought, it's a
> philosophical judgement on the balance between individuals and
> institutions
I have to disagree. As Phil Zimmerman said, the cat is already out of
the bag on strong crypto. Anyone who wants it can have it for free,
anywhere in the world, if they've got an internet connection and a PC
to use it with. I am of course disregarding legalities entirely,
since terrorists aren't terribly prone to abiding by the laws when
they find it inconvenient to do so. Given that fact that it's readily
available, legislating crypto controls in our country (the only place
our laws could have effect) can have no effect. None. Zero.
--
Derek D. Martin
[EMAIL PROTECTED]
PGP signature
