[2950] in cryptography@c2.net mail archive
Re: Cisco, NAI propose new key recovery
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Jul 14 12:23:30 1998
In-Reply-To: <199807131418.HAA01240@wired.com>
Date: Mon, 13 Jul 1998 21:43:57 -0800
To: James Glave <james@wired.com>, cryptography@c2.net
From: Bill Frantz <frantz@netcom.com>
This proposal doesn't protect against packet sniffing by people on the same
LAN as the sender or recipient. It also doesn't protect against telephone
taps for dial up ISPs or packet sniffing on cable TV IP networks. As such,
it doesn't even begin to solve the confidentiality problem for a large
class of network users.
At 6:17 AM -0800 7/13/98, James Glave wrote:
>(I'm a journalist doing a story for Wired News (http://www.wired.com) on
>this new proposal put forth by Cisco and NAI for building key recovery into
>routers. If anyone wants to chat about it, please drop me a note to
>james@wired.com or give me a call at (415) 276-8430. I expect to publish by
>9am PST monday - thanks all.)
>
>July 13, 1998
> Cisco to Offer New Approach
> To Encryption Technology
>
> By RALPH T. KING, JR. and JOHN SIMONS
> Staff Reporters of THE WALL STREET JOURNAL
>
> A computer-industry group will offer Monday a new
>approach to
> encryption technology that would keep electronic
>messages secure but still
> enable government officials to "eavesdrop" for law
>enforcement.
>
> The group, led by Cisco Systems Inc., San
> Jose, Calif., hopes the solution will persuade
> the government to ease export restrictions that
> have made overseas competition difficult for U.S.
>hardware and software
> manufacturers. Government officials and
>computer-industry representatives
> have been locked in a frustrating impasse for years,
>unable to resolve
> Federal Bureau of Investigation concerns that encryption
>products would
> help criminals mask their misdeeds in e-mail and other
>types of
> communication.
>
> Various past plans that initially seemed promising have
>proved
> unworkable. Advocates of the Cisco proposal say their
>approach is not
> foolproof, but hope it could finally begin to break the
>logjam.
>
> "It's not the complete answer, but it's a very positive
>step," said Gene
> Hodges, vice president of marketing for Network
>Associates Inc. in Santa
>
> Clara, Calif.
>
> Members of the group seeking export licenses for the
>technology besides
> Cisco and Network Associates include Sun Microsystems
>Inc., Palo Alto,
> Calif.; Novell Inc., Provo, Utah; and Hewlett-Packard
>Co., Palo Alto.
> Other companies supporting the initiative are Microsoft
>Corp., Redmond,
> Wash.; Intel Corp., Santa Clara; and Netscape
>Communications Corp.,
> Mountain View, Calif.
>
> White House officials said the plan helps lead industry
>and government in a
> "refreshing new direction" in its pursuit of an
>agreeable solution to
> encryption export controls. "We welcome this creative
>and innovative
> plan," said an administration official familiar with the
>proposal.
>
> The technology would allow data to be scrambled for
>privacy but provide
> restricted access to it at the beginning and end of each
>transmission, the
> access points, so-called "private doorbells," are inside
>routers, the
> computers that direct data traffic, or inside software
>that control such
> networks.
>
> In simple terms, the system works as if it were
>operating at both ends of a
> string connecting two tin cans. Data travels down the
>string in scrambled
> form. But before it leaves one can, and once it reaches
>the other, it is
> unscrambled and can be retrieved if the address of the
>sender or receiver
> are known. The routers, or the controlling software, can
>be programmed
> to pull out the messages to or from a specific address.
>
> But under certain scenarios, the approach might not
>work. For example, if
> two parties encrypted their messages before sending
>them, the intercepted
> traffic would be impossible to decipher. So-called
>end-to-end encryption
> is widely available. "There are limits to what this
>technology can do," said
> an executive with one of the member companies. "This is
>a lock on a door,
> but there will need to be other locks on doors, as well,
>to achieve the kind
> of security we want."
>
> Officials at both the Commerce and Justice departments
>will review the
> plan in the coming weeks. According to one
>administration official, "We
> expect that there will be a number of issues that will
>need to be resolved.
> We want to be sure that the approach strikes a good
>balance between
> protecting business information and national security
>and law-enforcement
> interests."
>
>
>James Glave, News Editor, Wired News, http://www.wired.com (415) 276-8430
-------------------------------------------------------------------------
Bill Frantz | If hate must be my prison | Periwinkle -- Consulting
(408)356-8506 | lock, then love must be | 16345 Englewood Ave.
frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA
