[398] in cryptography@c2.net mail archive
Re: Dorothy and the four Horseman
daemon@ATHENA.MIT.EDU (Michael C Taylor)
Thu Mar 20 12:44:57 1997
Date: Thu, 20 Mar 1997 12:08:31 -0400 (AST)
From: Michael C Taylor <mctaylor@mta.ca>
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
cc: cryptography@c2.net
In-Reply-To: <970319131815.20233928@hobbes.orl.mmc.com>
On Wed, 19 Mar 1997, A. Padgett Peterson P.E. Information Security wrote:
>
> >Since the percentage of the population who use strong cryptography enough
> >to thwart LEAs is tiny, why worry? I speculate it is less than 100
> >people in US. How many people do you know, use strong encryption for the
> >vast majority of their communications and activities?
>
> The question is leading since few use it for "vast majority". Would say that
> I personally receive about a megabyte a week in 10-20 messages that are
> "strongly encrypted". Further, what do you call the
> remote secure clients (Eagle, Checkpoint, V-One, TIS) for extra Intranet
> connections ? Can count hundreds of using workstations myself and that
> ability did not exist at all until mid-1996.
What percentage of your email is encrypted? ~10%?
What percentage of your physical mail is encrypted? 0%?
What percentage of your phone calls (voice communication) is encrypted?
0-3%?
Currently companies are using strong crypto VPN or S/WAN for inside their
company, but I'd like to know how many inter-corprate S/WAN, VPNs there
are out there.
My point is, while people might use encryption for some of their
communications the vast majority of communication with everyday people is
unencrypted, and tappable.
> Since you are in .ca, what is the effect of the Canadian government's
> decision to adopt ENTRUST ?
The Canadian government has to buy some computers first. The government is
backing a Canadian company, it doesn't matter what they sell so long as it
is a Canadian product.
I think the Canadian government has a bigger problem with keeping the US
governemnt's GAK out of Canada. Entrust might be the answer at the
political level (support Canadian companies). How do you tell Digital,
Microsoft, TIS or anyone who has let GAK-crypto into their products,
to sell strong non-GAK products to Canadian businesses?
Or has the Canadian politicians become Stupid enough to believe the FBI,
CIA, NSA won't help US buinesses spy in Canadian companies? I hope not, I
think it will become EFC (Electronic Frontier Canada) biggest battles.
I think Entrust's support by the Canadian government means that
1) (Entrust?) digital signatures will be clearly legally binding in
Canada.
2) Encryption will no longer be dark/evil/prove-you're-a-criminal in the
public's mind in Canada.
3) More attention to security/privacy of digital info-systems developed
or deployed in Canada. If a company already has Entrust licenced for one
product, they are more likely to reuse Entrust in any other systems.
4) Possibly early groundwork needed for electronic cash in Canada :)
I do not know of any references to the Canadian government adopting
Entrust, could you provide me with some? Thank you.
> But the real explosion will come this year (might get pushed back to 1998)
> when SET takes off.
SET might die a pre-mature death from being so slow to finalise
the standards and implement it. The last time I looked at SET (spring
1996) it (seemed) that it was going to support RSA/DES (ECB?) only.
-Michael
--
Michael C. Taylor <mctaylor@mta.ca> <http://www.mta.ca/~mctaylor/>
Programmer, Mount Allison University, Canada
