[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions

To: amir@watson.ibm.com
Subject: Re: IPv6 Security Last Call Initial Questions
From: "Marcus J. Ranum" <mjr@tis.com>
Date: Mon, 3 Apr 1995 11:32:56 -0400 (EDT)
Cc: bound@zk3.dec.com, tytso@MIT.EDU, perry@imsi.com, ipsec@ans.net
Coredump: Infocalypse Now!!!
In-Reply-To: <199504031325.AA12544@interlock.ans.net> from "ipsec-request@ans.net" at Apr 3, 95 08:59:26 am
Organization: Trusted Information Systems, Inc. Glenwood, MD
Phone: 301-854-6889

>I suspect Jim is right and there are many who share this position - i.e.
>we need exportable version but hate to admit it since it's so crazy...

	It's my belief that if the working group wants to attempt
to standardize on something exportable, you may as well pack up
right now.

	This is based on a combination of practical and paranoid
concerns that normally I'd be reluctant to discuss for fear of
seeming like a whacko. :) But export control is an issue that
doth make whackos of us all, it would appear.

	1) Exportable crypto is breakable crypto. That is in the
	definition of the term "exportable" under the way NSA is
	currently managing the situation.

	2) Exportable crypto is not a "make them all happy"
	situation and is US-centric. Other governments may well
	feel that ANY crypto is not exportable, or even useable.
	Even if the NSA is satisfied, do the vendors propose to
	also satisfy the French, and the Chinese, and Pakistan,
	and other governments that have very restrictive laws
	pertaining to crypto?

	If the feeling of the vendors, as expressed by Jim Bound
	from Digital is that the vendors must make governments
	happy and have products that will make governments happy,
	their only reasonable recourse is to leave crypto out of
	their products.

	3) Standards fragementation: IP encryption based on
	exportable encryption will result in a standard that
	very quickly becomes de facto ignored and which will
	become at least DES-based or possibly IDEA or something
	that will *really* PO the intelligence community.
	I suspect that the response to this risk will be that
	they will request onerous restrictions and proofs
	that the algorithm is tied to the implementation, as
	a condition for export. Remember that export control
	covers not only algorithms but complete systems. The
	vendors will find themselves in the situation of having
	to not only implement weak products, but they'll
	have to jump through hoops to prove to law enforcement
	and intelligence that their product cannot POSSIBLY
	be modified to include strong encryption. Good
	luck doing that.

	The net effect is that a standard incorporating only
	exportable crypto will be quickly shafted. The
	intelligence community will know this [The PGP
	experience is one they still remember] and will
	be disinclined to approve anything at all.

	4) If you can't lick, 'em, delay them. This is where I
	get paranoid. :) When you want deploy crypto, even
	exportable toy crypto, there are a number of hoops you
	have to jump through. I'm not sure that it's possible
	to get blanket permission to include any given
	algorithm in a broad class of products. The question
	hidden in this is whether or not the sheer bureaucracy
	of getting permission to use even exportable crypto
	will continue to exert a cooling effect on the
	technology.

	It gets worse for a vendor that has a vested interest
	(i.e.: an implementation they want to sell) in getting
	approval for a given exportable algorithm. Once you
	have built it into your product and you've bought into
	the system, you're now subject to whatever infinite
	foot-dragging and justification can be thought up.
	In my somewhat paranoid thinking, exportable crypto
	is a subtle poison that ensures vendor buy-in. It's
	ridiculous, really -- it is *FAR* cheaper to simply
	buy good encryption products from overseas, than to
	play the exportable crypto game. It is my paranoid
	belief that NSA is making more open noises about
	exportable crypto as a way of luring the cattle into
	feeding from their trough.

	5) Exportable crypto will not make NSA happy enough
	to let it be used as a global network protection system
	anyhow. Examination of recent trends indicates that
	intelligence/law enforcement understands the problems
	of scale posed by even low-quality crypto. The wiretap
	bill was the leading edge of the wedge. I suspect that
	if the intelligence community is faced with seeing huge
	amounts of encrypted data going in and out, they will
	balk. It'd be difficult for them to sort the wheat from
	the chaff and since right now they feel they hold all
	the cards there's no reason for them to be nice about
	it.

	In short, it's my belief, based on observation of the
past actions of the intelligence community and law enforcement,
that they're not going to let even low-level encryption become
widely deployed. Treating with them in any way gives them a
degree of control over the situation that renders it impossible
to act effectively.

mjr.

Follow-Ups:

Re: IPv6 Security Last Call Initial Questions

From: " " <amir@watson.ibm.com>

References:

Re: IPv6 Security Last Call Initial Questions

From: " " <amir@watson.ibm.com>

Prev by Date: Re: IPv6 Security Last Call Initial Questions
Next by Date: Proposals for key-ed MD5
Prev by thread: Re: IPv6 Security Last Call Initial Questions
Next by thread: Re: IPv6 Security Last Call Initial Questions
Index(es):
- Main
- Thread