[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPv6 Security Last Call Initial Questions
>I suspect Jim is right and there are many who share this position - i.e.
>we need exportable version but hate to admit it since it's so crazy...
It's my belief that if the working group wants to attempt
to standardize on something exportable, you may as well pack up
right now.
This is based on a combination of practical and paranoid
concerns that normally I'd be reluctant to discuss for fear of
seeming like a whacko. :) But export control is an issue that
doth make whackos of us all, it would appear.
1) Exportable crypto is breakable crypto. That is in the
definition of the term "exportable" under the way NSA is
currently managing the situation.
2) Exportable crypto is not a "make them all happy"
situation and is US-centric. Other governments may well
feel that ANY crypto is not exportable, or even useable.
Even if the NSA is satisfied, do the vendors propose to
also satisfy the French, and the Chinese, and Pakistan,
and other governments that have very restrictive laws
pertaining to crypto?
If the feeling of the vendors, as expressed by Jim Bound
from Digital is that the vendors must make governments
happy and have products that will make governments happy,
their only reasonable recourse is to leave crypto out of
their products.
3) Standards fragementation: IP encryption based on
exportable encryption will result in a standard that
very quickly becomes de facto ignored and which will
become at least DES-based or possibly IDEA or something
that will *really* PO the intelligence community.
I suspect that the response to this risk will be that
they will request onerous restrictions and proofs
that the algorithm is tied to the implementation, as
a condition for export. Remember that export control
covers not only algorithms but complete systems. The
vendors will find themselves in the situation of having
to not only implement weak products, but they'll
have to jump through hoops to prove to law enforcement
and intelligence that their product cannot POSSIBLY
be modified to include strong encryption. Good
luck doing that.
The net effect is that a standard incorporating only
exportable crypto will be quickly shafted. The
intelligence community will know this [The PGP
experience is one they still remember] and will
be disinclined to approve anything at all.
4) If you can't lick, 'em, delay them. This is where I
get paranoid. :) When you want deploy crypto, even
exportable toy crypto, there are a number of hoops you
have to jump through. I'm not sure that it's possible
to get blanket permission to include any given
algorithm in a broad class of products. The question
hidden in this is whether or not the sheer bureaucracy
of getting permission to use even exportable crypto
will continue to exert a cooling effect on the
technology.
It gets worse for a vendor that has a vested interest
(i.e.: an implementation they want to sell) in getting
approval for a given exportable algorithm. Once you
have built it into your product and you've bought into
the system, you're now subject to whatever infinite
foot-dragging and justification can be thought up.
In my somewhat paranoid thinking, exportable crypto
is a subtle poison that ensures vendor buy-in. It's
ridiculous, really -- it is *FAR* cheaper to simply
buy good encryption products from overseas, than to
play the exportable crypto game. It is my paranoid
belief that NSA is making more open noises about
exportable crypto as a way of luring the cattle into
feeding from their trough.
5) Exportable crypto will not make NSA happy enough
to let it be used as a global network protection system
anyhow. Examination of recent trends indicates that
intelligence/law enforcement understands the problems
of scale posed by even low-quality crypto. The wiretap
bill was the leading edge of the wedge. I suspect that
if the intelligence community is faced with seeing huge
amounts of encrypted data going in and out, they will
balk. It'd be difficult for them to sort the wheat from
the chaff and since right now they feel they hold all
the cards there's no reason for them to be nice about
it.
In short, it's my belief, based on observation of the
past actions of the intelligence community and law enforcement,
that they're not going to let even low-level encryption become
widely deployed. Treating with them in any way gives them a
degree of control over the situation that renders it impossible
to act effectively.
mjr.
Follow-Ups:
References: