Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!rochester!udel!darwin.sura.net!news-feed-1.peachnet.edu!umn.edu!csus.edu!netcom.com!strnlght
From: strnlght@netcom.com (David Sternlight)
Subject: Re: Once tapped, your code is no good any more.
Message-ID: <strnlghtC5nrHw.1qB@netcom.com>
Organization: DSI/USCRPAC
References: <tcmayC5M2xv.JEx@netcom.com> <1qpg8fINN982@dns1.NMSU.Edu> <115863@bu.edu>
Distribution: na
Date: Sun, 18 Apr 1993 02:41:55 GMT
Lines: 43

In article <115863@bu.edu> uni@acs.bu.edu (Shaen Bernhardt) writes:

>
>I wish I could agree with you.  Ask yourself this.  Why would any private
>sector entity wish to buy a crypto system that was KNOWN to be at least
>partially compromised? (Key escrows in this instance)  Why would any
>private sector entity wish to buy a crypto system that had not been properly
>evaluated?  (i.e. algorythm not publically released)
>The answer seems obvious to me, they wouldn't.  There is other hardware out
>there not compromised.  DES as an example (triple DES as a better one.)

What follows is my opinion. It is not asserted to be "the truth" so no
flames, please.  It comes out of a background of 20 years as a senior
corporate staff executive in two Fortune 50 companies.

I'd be happy to use a crypto system supplied by the NSA for business, if
they told me it was more secure than DES, and in particular resistant to
attempts by Japanese, French, and other competitive companies and
governments to break.

I'd be happy to do so even with escrowed keys, provided I was happy about
the bona fides of the escrow agencies (the Federal Reserve would certainly
satisfy me, as would something set up by one of the big 8 accounting firms).

I'd trust the NSA or the President if they stated there were no trap
doors--I'd be even happier if a committee of independent experts examined
the thing under seal of secrecy and reported back that it was secure.

I'd trust something from the NSA long before I'd trust something from some
Swiss or anybody Japanese.

This may seem surprising to some here, but I suggest most corporations would
feel the same way. Most/many/some (pick one) corporations have an attitude
that the NSA is part of our government and "we support our government", as
one very famous CEO put it to me one day.

Just some perspective from another point of view.

-- 
David Sternlight         Great care has been taken to ensure the accuracy of
                         our information, errors and omissions excepted.  


