[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Public vs. Private Munitions
At 11:25 AM 7/28/96 -0700, you wrote:
>At 7:24 PM 7/27/96, Erle Greer wrote:
>
>> Theoretically, the government should only be have the resources to
>>control commercially-available, public encryption systems. Who is to stop
>
>While I'm not exactly sure what you mean by a "commercially-available,
>public encryption system," I think your point is incorrect.
I didn't mean that I think that the govt should be allowed to control. I
meant that govt would only be able to regulate commercial and/or public
systems. They, of course, would have no say in the specs of my
personally-written cryptosystem.
>(My confusion is that a commercially-available system is not necessarily a
>"public" system, if by public one means public domain. If one means
>"published specifications," still not the case. Confusing.)
Sorry about the confusion. Although I may have used the two terms loosely,
I was trying to contrast commercial and public against something written in
secret and not offered for govt approval.
>Howver, the government cannot step in and "control" a
>commercially-available product, by even the most liberal interpretations of
>the commerce clause. "Tim's Pretty Flaky Snakeoil System," for example. I
>can announce it, sell it, and the government is powerless to "control" it.
>(Even if it were "public.")
>
>If by "public" you mean an NBS or NIST standard, like DES, then I suppose
>the government can in some sense "control" it. (Even this is iffy, IMO, as
>I know of no rules saying DES implementations must be approved by NIST or
>anyone else.)
>
>>anyone from designing their own cryptosystem for personal use? If the
>>government intercepted a transmission from this private cryptosystem, and
>>could not decrypt it, would they assume that it must be considered
>>munitions? Similarly, anyone could send uniformly-formatted random garble
>>that could also be considered munitions, or at least waste the governments
>>processing time.
>
>Most of the cryptosystems are not under the "control" of the government,
>even by the standards of your first definition. Period. RSA is not a
>government-controlled system, though it is both "commercially-available"
>AND "public" (in that the spec and algorithm are clearly published).
>
>And the talk about "personal use" is misleading, IMO. It suggests that
>government can and should regulate use for "business purposes" but not
>personal uses. I disagree with this distinction.
Absolutely not! Let me clarify that I feel that the govt should have no
part in crypto regulation, be it commercial, public, private, business, etc.
>> Why are we so worried about government regulation? Can't we just
>>devise our own cryptosystems and just don't sell them or make them publicly
>>available?
>
>You mean the way public key systems in general and RSA in particular were
>invented and devised by non-government folks?
After some responses and some thought, I have seen the error in my thinking.
Having a secret, proprietary cryptosystem would loose the public-key benefit.
It would be fine, I believe, for point-to-point communications though.