[3709] in cryptography@c2.net mail archive
Re: Wassenaar vs. CipherSaber
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sat Dec 5 11:05:36 1998
Date: Sat, 05 Dec 1998 02:17:07 +0000
To: Jay Holovacs <holovacs@idt.net>
From: "Steven M. Bellovin" <smb@research.att.com>
Cc: jim@acm.org, cryptography@c2.net
In-Reply-To: <3.0.1.32.19981204195632.0071546c@pop3.idt.net>
At 07:56 PM 12/4/98 -0500, Jay Holovacs wrote:
>At 06:09 PM 12/4/98 -0500, Steve Bellovin wrote:
>>
>>I'm glad the site is up, but for many purposes it solves the wrong problem.
>>Encryption algorithms are easy to write, or even to type in or scan from
>>printed programs. But what's interesting is easy-to-use crypto, or
>>crypto that can interoperate. Remember that most of PGP is *not*
>>crypto algorithms.
>>
>But...wrapper programs (provided they are generic, such as a really
>configurable text editor) are not export controlled, all the user needs is
>the engine. I can imagine all sorts of flexible email programs....
In the days of the old Republic, before the Empire came, people routinely
wrote easily composible tools. Today, though, most programmers seem
to have turned to the dark side of the mouse...
More seriously -- yes, in principle you're right, though a generic database
program may not map well into the needs of a public key database that
needs to understand CRLs. But my point remains -- most of the code
in almost any cryptographic system has nothing to do with cryptography
per se. It just happens to be fairly specialized, without ever mentioning
an algorithm.
