[2940] in cryptography@c2.net mail archive
Cisco, NAI propose new key recovery
daemon@ATHENA.MIT.EDU (James Glave)
Mon Jul 13 11:41:12 1998
Date: Mon, 13 Jul 1998 07:17:15 -0700
To: cryptography@c2.net
From: James Glave <james@wired.com>
(I'm a journalist doing a story for Wired News (http://www.wired.com) on
this new proposal put forth by Cisco and NAI for building key recovery into
routers. If anyone wants to chat about it, please drop me a note to
james@wired.com or give me a call at (415) 276-8430. I expect to publish by
9am PST monday - thanks all.)
July 13, 1998
Cisco to Offer New Approach
To Encryption Technology
By RALPH T. KING, JR. and JOHN SIMONS
Staff Reporters of THE WALL STREET JOURNAL
A computer-industry group will offer Monday a new
approach to
encryption technology that would keep electronic
messages secure but still
enable government officials to "eavesdrop" for law
enforcement.
The group, led by Cisco Systems Inc., San
Jose, Calif., hopes the solution will persuade
the government to ease export restrictions that
have made overseas competition difficult for U.S.
hardware and software
manufacturers. Government officials and
computer-industry representatives
have been locked in a frustrating impasse for years,
unable to resolve
Federal Bureau of Investigation concerns that encryption
products would
help criminals mask their misdeeds in e-mail and other
types of
communication.
Various past plans that initially seemed promising have
proved
unworkable. Advocates of the Cisco proposal say their
approach is not
foolproof, but hope it could finally begin to break the
logjam.
"It's not the complete answer, but it's a very positive
step," said Gene
Hodges, vice president of marketing for Network
Associates Inc. in Santa
Clara, Calif.
Members of the group seeking export licenses for the
technology besides
Cisco and Network Associates include Sun Microsystems
Inc., Palo Alto,
Calif.; Novell Inc., Provo, Utah; and Hewlett-Packard
Co., Palo Alto.
Other companies supporting the initiative are Microsoft
Corp., Redmond,
Wash.; Intel Corp., Santa Clara; and Netscape
Communications Corp.,
Mountain View, Calif.
White House officials said the plan helps lead industry
and government in a
"refreshing new direction" in its pursuit of an
agreeable solution to
encryption export controls. "We welcome this creative
and innovative
plan," said an administration official familiar with the
proposal.
The technology would allow data to be scrambled for
privacy but provide
restricted access to it at the beginning and end of each
transmission, the
access points, so-called "private doorbells," are inside
routers, the
computers that direct data traffic, or inside software
that control such
networks.
In simple terms, the system works as if it were
operating at both ends of a
string connecting two tin cans. Data travels down the
string in scrambled
form. But before it leaves one can, and once it reaches
the other, it is
unscrambled and can be retrieved if the address of the
sender or receiver
are known. The routers, or the controlling software, can
be programmed
to pull out the messages to or from a specific address.
But under certain scenarios, the approach might not
work. For example, if
two parties encrypted their messages before sending
them, the intercepted
traffic would be impossible to decipher. So-called
end-to-end encryption
is widely available. "There are limits to what this
technology can do," said
an executive with one of the member companies. "This is
a lock on a door,
but there will need to be other locks on doors, as well,
to achieve the kind
of security we want."
Officials at both the Commerce and Justice departments
will review the
plan in the coming weeks. According to one
administration official, "We
expect that there will be a number of issues that will
need to be resolved.
We want to be sure that the approach strikes a good
balance between
protecting business information and national security
and law-enforcement
interests."
James Glave, News Editor, Wired News, http://www.wired.com (415) 276-8430
