From: Ken >+++ Williams, Larry [01/05/02 14:36 -0500]: >> I doubt it, but you missed the point. He's not talking >about removing the locks altogether but that he can >> live without a cipher lock. Certainly we all want to >protect our personal information as much as our personal >> property. And because there are bad guys out there who will >use whatever tools are at their disposal to obtain >> anything of value from us, a certain degree of protection is >needed both in the physical and online worlds. > >Sending plaintext across untrusted networks (i.e. the >Internet) is _exactly_ like not having _any_ locks on your car. >There is no guarantee of any access control anywhere - at all.
I agree, but no one said there were only the two choices - clear or encrypted. Because there exists several different levels of encryption, life can still go on if I don't have the strongest encryption available. Certainly stronger is better, but the next step down is not plaintext. >I think that you'll find that the generally sucessful crypto >systems are not the ones that rely on the algorithim being >secret, rather the ones that the algorithim is publically >available. Which should have known since I deal with DES and 3DES at work. >I understand military the necessity to have military >secrets, but I don't think that this is one of those cases. I can tell you that all aspects of military crypto are classified. The algo may be public domain, but which one they use is not. But crypto is used in all levels of government to communicate sensitive data to those who need it. This might include an itinerary for a foreign ambassador, the whereabouts of the VP on 9/12/01, the phone number to the oval office (or any office at the capitol). And if there is something in those communiqu�s that can't be publicly known, then the algo and/or the key must be protected. If Joe citizen had either or both (the latter is unlikely but not impossible) because he wants to encrypt his email to his family, he would then also have an ability to decrypt - or attempt to - any government message. I'd hate to think of the taliban or any other U.S.-hating entity having knowledge of an encryption method that can be used against us. I am not an advocate for government control of encryption, but I believe - as a government - I would want to protect my personal and private information from prying eyes and Enquiring(sic) minds. That might mean developing, or seizing control of the development of, a very strong encryption and prohibiting its use by Joe citizen, and that can be construed as government control of encryption.
