[2314] in cryptography@c2.net mail archive
Re: Rivest's Wheat & Chaff - A crypto alternative
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Mar 23 13:51:16 1998
To: Vin McLellan <vin@shore.net>
Cc: cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 23 Mar 1998 12:20:29 -0500
In-Reply-To: Vin McLellan's message of Sun, 22 Mar 1998 02:59:26 -0500
Ron's chaffing technique is technically interesting, but I don't think
it's the Answer. What is to prevent the BXA from declaring that
chaffing software is an EI, and therefore export controlled? Once
chaffing is EI, I might as well use encryption, it's a lot less
bandwidth-intensive.
Admittedly, this does not address MKE. Having no authentication keys
at all to disclose is an interesting idea, but practically speaking,
people don't usually agree out of band on a secret which is used for a
single session. They use a third party, or they negotiate a key.
Either of these provides a place where the government could
conceivably require recovery, without mandating disclosure of
authentication keys.
For the record, I'm for the free use of cryptography. If chaffing can
make that come about, I won't complain :-) But I think we should be
realistic here. Arguments based on reason and logic appeal to us, but
seem to bounce right off the US Government.
Marc
