
Re: VeriSign Granted First Federal Approval to Issue Certificates Enabling Export of Strong Encryption




At 2:16 PM -0400 7/15/97, ptharrison wrote, on [email protected]:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 11:49 AM 7/15/97 -0400, VERISIGN PR wrote:
>>---------------------------------------------------------------------
>>...allowing approved organizations to use 128-bit encryption
>>... U.S.-based companies -- with servers located in the U.S.  --
>> and international banks -- with servers located in the US and abroad --
>>... was granted approval after review and consultation
>> from the National Security Agency (NSA) and Federal Bureau of Investigation
>> (FBI).
>> ...Companies will not need to escrow their keys in order
>> to take advantage of this program.
>> ...VeriSign...can ensure that...Global Server IDs will only be granted to
>> legitimate businesses that meet the necessary U.S. government qualifications
>> Thanks to the cooperation of the U.S. government, we are now able to offer
>> law-abiding companies a legal alternative for secure communication and
>> commerce."
>> ...
>>     MICROSOFT
>> said Mike Dusche, "The U.S. government is sending a strong message to the world
>> by approving these applications and we're happy to be working with them...
>
>Yes, and what might that message be?

With this announcement, it has become clear to me what the US government is
attempting to do. They are relaxing the export of strong crypto -- if you
use a US-based certification authority. Why does this matter? Look at the
Kerrey bill. My guess is that they already know that Verisign will go along
with a key escrow requirement, in exchange for protection from liability,
and so their goal now is to put Verisign in the loop as much as possible.

I started to think of the loopholes this could create -- US companies
outsourcing web sites for foreign companies, etc. Then I realized: IT
DOESN'T MATTER, as far as the US government is concerned, because they're
going to have those keys escrowed. The Kerrey bill may not pass this
go-around, but they are counting on something like this.

The hard part, now, is to figure out how to explain this to industry,
public and the press, without sounding like raving lunatics. We need to
make it more concrete. Remind people that certificates expire every year,
and point them at the Kerrey legislation. Ask foreign banks how they feel
about their transactions being fully accessible to the US government -- or
anyone capable of bribing a low-level functionary in the US government.

--Steve

PGP mail preferred, see  http://web.mit.edu/network/pgp.html
PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear (N7ZEZ)     | Internet: [email protected]
7075 West Gowan Road     | Voice: 1-702-658-2654
Suite 2148               | Fax: 1-702-658-2673
Las Vegas, NV 89129      |
---------------------------------------------------------------------

        God grant me the serenity to accept the things I cannot change;
        The courage to change the things I can;
        The weapons that make the difference;
        And the wisdom to hide the bodies of the people that got in my way;-)

        "Surveillance is ultimately just another form of media, and thus,
        potential entertainment."
        --G. Beato

       "We've all heard that a million monkeys banging on a million
        typewriters will eventually reproduce the entire works of
        Shakespeare. Now, thanks to the Internet, we know this is
        not true."                           -- Dr. Robert Silensky