[1034] in cryptography@c2.net mail archive


Re: (Fwd) New crypto bill clears committee

daemon@ATHENA.MIT.EDU (Rick Smith)
Fri Jun 20 13:06:36 1997

In-Reply-To: <199706201156.HAA00362@homeport.org>
Date: Fri, 20 Jun 1997 10:51:01 -0600
To: Adam Shostack <adam@homeport.org>, trei@process.com
From: Rick Smith <smith@securecomputing.com>
Cc: cryptography@c2.net

At 7:56 AM -0400 6/20/97, Adam Shostack wrote:
>I plan to spend a substantial portion of my day explaining to the
>large companies I consult with that this is a very bad thing, and they
>should be opposing its advance.

I think the primary issue is that key escrow will make electronic commerce
more expensive to try out and deploy. It's going to make *all* crypto
devices more expensive. ANY mandatory feature in a product makes the
product more expensive (think of cars with airbags, 5MPH bumpers, ignition
lockouts tied to seat belts, etc). Most managers will understand this.

E-commerce will only make it if you can keep the price per transaction
really low. If the crypto portion of the product is more expensive (to pay
for the escrow "features") then there's less money to spend on other
aspects of the system's security. Ross Anderson's papers on banking systems
show that non-technical aspects of the system are often attacked
successfully, regardless of what crypto you use. Less money on equipment
gives you more money to spend on management.

Rick.
smith@securecomputing.com      secure computing corporation
"Internet Cryptography" soon in print http://www.visi.com/crypto/


