[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

An Alliance with RSA?



Fellow Cypherpunks,

In this message I am urging we all consider an alliance with RSA Data
Security, the only company or group able to actually provide an
alternative to the "weak crypto" of the Clinton Clipper.

I have no idea if RSA is interested, or if in fact they're already in
league with the NSA and other privacy clippers.

I chose a public forum because I'm in no position to negotiate for
anybody in private. I also mailed a copy to Jim Bidzos, in case he's
not reading sci.cryt right now.


-Tim


Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee
From: [email protected] (Timothy C. May)
Subject: Re: Don't fight Clipper Chip, subvert or replace it !
Date: Sat, 17 Apr 1993 21:09:13 GMT

Robert Lewis Glendenning ([email protected]) wrote:
: Clipper Chip is a response to the fact that there is no business
: or professional body in a position to establish a standard and
: provide chipsets to implement it for analog or digial transmission
: systems.
: 
: RSA might be in position to do it, if they had active cooperation of
: a couple of manufacturers of cellular phones or desktop phones.
.......
: Is RSA independt of the gov enough to spearhead this?  I, for one,
: would *gladly* pay royalties via purchasing secure phones.


Hear hear! I completely agree that we need to work quickly to
establish alternatives to the government's Clinton Clipper. As Brad
Templeton and others have noted, once the Clipper becomes ensconced in
enough phones there will be enormous pressure to make it the *legal*
standard, and it will become the "market* standard as well. (There is
a lot of confusion in the proposal about whether the use of Clipper is
mandated, about whether non-escrow alternatives will be allowed, etc.)

(There are also unclear issues about how hard, or how illegal, it will
be to make "workalikes" which meet the standard but which generate
phony or untappable keys...I'm sure the next several weeks will see
these issues thrashed out in this and other groups.)

Meanwhile, I'd be interested to hear RSA Data Security's reaction.
Often criticized in this group for their licensing policies (the usual
complaints about MailSafe costing too much, at $125 or so, and the
general issue of software patents...), we may find that *allying*
ourselves with RSA is the best thing we can do. What's a mere
licensing fee when our liberty may be at stake? (If everyone who
wanted true security paid, say, $100 for a lifetime use of all of
RSA's patents--which expire in the period 1998-2002, or so--then RSA
would make tons of money and be happy, I'm sure. A small price to pay.
For those to whom $100 sounds like too much, I'm sure the actual terms
could be different, spread out over several years, whatever. To me,
it's a small price to pay.)

Strong crypto means strong privacy. Escrowing keys, sending copies of
keys to large databases, and splitting keys into two 40-bit pieces,
all done with secret and non-analyzable protocols and algorithms, is
*NOT* strong crypto!

Whatever some of us may think about the abstract principles of
patenting number theory applications, this minor issue pales in
comparison with the potential dangers of the Clipper proposal (note
that I said "potential"...we'll presumably learn more in the coming
months).

The RSA algorithms are at least public, have been analyzed and
attacked for years, and source code is available (to better ensure no
deliberate weakenesses or trapdoors).

I know of a number of groups putting together voice encryption systems
using off-the-shelf hardware (like Soundblaster boards for the PC) and
CELP-type software. The new generations of PCs, using fast 486s and
Pentiums are fast enough to do real-time voice encryption. Combined
with Diffie-Hellman key exchange, this should provide an alternative
to the Clipper system.

Of course, we don't really know if the Administration proposes to
outlaw competing systems. (It seems to me that their goal of tapping
terrorists, child pornographers, and Hilary bashers would be thwarted
if low-cost alternatives to Clipper proliferated. Not to defend child
pornographers or terrorists, but limiting basic freedoms to catch a
few criminals is not the American way of doing things. End of soapbox
mode.)

I suggest we in these groups set aside any differences we may have had
with RSA (and don't look at me....I have both MacPGP *and* a fully
legal copy of "MailSafe"!) and instead work with them as quickly as we can.

RSA?, Jim?, are you listening?

-Tim May

P.S. I reserve the right to retract these opinions if it should turn
out that RSA Data Security was involved in the Clipper proposal.
-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.