[2711] in cryptography@c2.net mail archive
Re: Secure Office
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Fri May 15 19:45:20 1998
To: Eric Young <eay@cryptsoft.com>
Cc: cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 15 May 1998 16:28:03 -0400
In-Reply-To: Eric Young's message of Fri, 15 May 1998 14:41:39 +1000 (EST)
Eric Young <eay@cryptsoft.com> writes:
>> As a point of trivia, all of you people with your Genuine BSAFE 3.0
>> libraries, which cannot leave the 'land of the free', have a look
>> in the manuals, in the first few pages. There is attribution to a
>> certain Eric Young for use of the core of his DES implementation in
>> that particular toolkit. If people outside the USA cannot
>> implement crypto algorithms, how did this occur?
This rhetorical point is getting old. The government doesn't *care*
about DES implementations and crypto libraries. They are under no
illusion about the availability of crypto outside the US. However,
they understand that the US currently controls the commercial software
market. What really scares them, what keeps them up at night, is that
somday, Windows will ship with strong, nonescrowed crypto, which is on
by default and always there. Because the stupid criminals aren't
using PGP, but if crypto really were ubquitous, they would be using
crypto, probably by accident. And that would make the government's
job (both the legitimate and illegitimate parts) harder.
Microsoft, for those who haven't noticed, is in the US. But the
government can't exactly say that libraries are ok, but OS's and
applications are not; their position is inconsistent enough as it is.
So they restrict everything (except books-on-dead-trees, because the
courts would nail them instantly on that, and they know it).
The government has been quite successful in limiting the spread of the
*use* of crypto. If you think this is false, then you don't
understand what they are trying to do.
It's not that people outside the USA can't implement crypto. They
can, and quite well. What they cannot do is get lots of people to use
it. Eric, if you can compete effectively with Microsoft, I heartily
encourage you to do so, and please don't stop at just making the
crypto better.
Another point of trivia: the PGP keyservers have fewer than 200,000
keys on them. This is a lot, but it's a tiny fraction (1%?) of global
internet users.
Marc
