DTI White Paper on Export Control

[Ian G Batten]

-----BEGIN PGP SIGNED MESSAGE-----

> Alternatively, you can (or could) buy IDEA licences direct from
> the patent holder and use the freely available PGP sources. That
> was our belief to be sufficient to legally use PGP in the UK.

Moreover, implementing DH key-exchange and a simple stream
cipher took me two days in Java, targetting a rather crude
environment (an HDS X terminal) and spending most of the
time fixing the buggy bignum library I'd picked up on the
net and adding modular exponentiation, and a lot more time
debugging a primality-tester I'd (mis-)implemented.  I used
this to write a Java port-forwarder, so I can run encrypted
X from my X terminal.

These days, when Java contains a bignum library, primality
tester and so on, even if you had to implement DH and ---
for the sake of argument --- 3DES from scratch, I can't
believe it's more than a week's work to produce something a
group could use to communicate.

The DTI/GCHQ/NSA idea, that crypto is `hard' and if only
they can restrict its availability as a commodity they can
restrict its use, I think says more about their contempt for
everyone else than any objective reality.  Yes, most of us
can't design new and strong crypto systems.  But
implementing the stuff that's out there is within the reach
of any decent computer person.

ian

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQB1AwUBNaHNkMoy0yij3IvtAQHyfgL/cKn4Nuo28ai3fcxqm6M4ji++O8Dk5SHF
x3RQomOIvhn9ybx8EhpbTZR71F1APy4t/SHyV4Zp6RM1BZPs7HghUWyCH2J7lf47
uOPg1cMANr5S1i1FaoJxYAjKh9idYnSv
=DEHg
-----END PGP SIGNATURE-----