Germany Frees Crypto

Brian Gladman gladman at seven77.demon.co.uk
Tue, 8 Jun 1999 08:55:55 +0100


From: Michael Bacon <streaky_Bacon@email.msn.com>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 07 June 1999 11:26 AM
Subject: RE: Germany Frees Crypto


[snip]

> > The open world still has to learn much of this.
> > I believe that this will happen at a rapidly increasing rate
> > so I don't think this advantage will last much more than a few more years
> > but it is there now and it means that key length just gives an unlikely
> > upper limit on the security that applications offer.
>
> Here I disagree with Brian.  My experience is that companies tolerate
> security but don't appreciate its value.  Recently a major industrial name
> enquired of me about implementing e-mail security world-wide.  On
> investigation I found that the same message would be sent by a number of
> different electronic media (e-mail, fax, telex, even telephone).  They
> were only interested in securing e-mail and wanted to use encryption.  I
> explained that replicating and sending the message in clear by other means
> in addition to e-mail made a nonsense of their case for encrypted e-mail
> and also compromised the security offered by the crypto system for
> non-replicated messages.  Their reaction was one of disbelief and 'complete
> ignoral'.  I pointed out that in many of their offices a single telephone
> line would carry e-mail (dial-up), telephone and fax and that it was trivial
> to tap telephones.  This too was met with bland incredulity.
>

I agree with you here - maybe my original post was badly worded.  What I
meant was that the open world will increasingly discover the ***technical***
implementation requirements that need to be met if an application that
relies on cryptography is to achieve the level of security provided by the
underlying algorithm(s).  However, I am doubtful that this will change
things much since there needs to be pressure from consumers before companies
will be prepared to make these quite substantial investments.

I agree completely that there is the much wider issue of educating users
since it is only too obvious from even Enigma, 50+ years ago, that a
superhuman effort by designers can be thrown away in an instant by just one
or two lapses in security in operational use.

You are right - until the community at large values security and privacy, we
will not have any.

           Brian