Re: HP announcing some International Cryptography stuff on Monday

[Lucky Green <shamrock@netcom.com>]

On Sun, 17 Nov 1996, Bill Frantz wrote:

> At 12:49 PM 11/15/96 -0800, Timothy C. May wrote:
> >It sounds ominous to me. Another backroom deal, probably for some form of
> >key recovery strategy, aka GAK.
> 
> I'd bet GAK too.  RSADSI has been working on GAK protocols, so these ones
> might actually work.  I feel as pessimistic about this one as Lucky usually
> is.

I have a hard time believing that Netscape caved. As I wrote in July, HP 
was working on selling our children's birthright to obtain an export 
license for their product. But Netscape participating in this just 
doesn't sound right.

> Since I am inherently optimistic, one ray of light may be that the San Jose
> Mercury News was mentioning the ability to export the system, and then when
> the necessary licenses (US and foreign) were obtained, turn on the
> encryption.  I guess from this that the encryption is in hardware.  Now,
> software/hardware interfaces are usually fairly simple, so what we have
> here is a software system with a crypto hook.

One possibility is that all crypto is done in hardware. The recent 
announcements by many hardware manufacturers that smartcard readers will 
be included in all their products (MS will put them into their keyboards) 
might get the necessary infrastructure deployed.

Of course, no crypto will work without the hardware token. The 
applications use signed code. Hardware tokens are only valid for a 
certain time. Making future mandatory upgrades to Fortezza, etc. a cinch.

--Lucky