Subject: Re: Once tapped, your code is no good any more.
From: a_rubin@dsg4.dse.beckman.com (Arthur Rubin)
Distribution: na
Organization: Beckman Instruments, Inc.
Nntp-Posting-Host: dsg4.dse.beckman.com
Lines: 60

In <strnlghtC5nrHw.1qB@netcom.com> strnlght@netcom.com (David Sternlight) writes:

>In article <115863@bu.edu> uni@acs.bu.edu (Shaen Bernhardt) writes:

>>
>>I wish I could agree with you.  Ask yourself this.  Why would any private
>>sector entity wish to buy a crypto system that was KNOWN to be at least
>>partially compromised? (Key escrows in this instance)  Why would any
>>private sector entity wish to buy a crypto system that had not been properly
>>evaluated?  (i.e. algorythm not publically released)
>>The answer seems obvious to me, they wouldn't.  There is other hardware out
>>there not compromised.  DES as an example (triple DES as a better one.)

>What follows is my opinion. It is not asserted to be "the truth" so no
>flames, please.  It comes out of a background of 20 years as a senior
>corporate staff executive in two Fortune 50 companies.

No wonder American businesses are going down the tubes! :-|

>I'd be happy to use a crypto system supplied by the NSA for business, if
>they told me it was more secure than DES, and in particular resistant to
>attempts by Japanese, French, and other competitive companies and
>governments to break.

(It's NIST, not NSA.  NSA is not supposed to have anything to do with this.)
They didn't say that.  They said is was better than some commercial-grade
encryptions.  I, for one, wouldn't trust them if they did, unless they
release the algorithm for investigation.

>I'd be happy to do so even with escrowed keys, provided I was happy about
>the bona fides of the escrow agencies (the Federal Reserve would certainly
>satisfy me, as would something set up by one of the big 8 accounting firms).

Maybe the ACLU and EFF.  (It would have to be a non-profit, so the big 8
would be out.)

>I'd trust the NSA or the President if they stated there were no trap
>doors--I'd be even happier if a committee of independent experts examined
>the thing under seal of secrecy and reported back that it was secure.

I wouldn't trust the NSA.  I think I would trust the President on this, but
I'm not certain he would be told.

>I'd trust something from the NSA long before I'd trust something from some
>Swiss or anybody Japanese.

That's your problem.

>This may seem surprising to some here, but I suggest most corporations would
>feel the same way. Most/many/some (pick one) corporations have an attitude
>that the NSA is part of our government and "we support our government", as
>one very famous CEO put it to me one day.

I want to emphasize the I am not speaking for Beckman Instruments at this
point.  However, we are an international company, and I would like to think
that our customers come first, ahead of our government's whims.
--
Arthur L. Rubin: a_rubin@dsg4.dse.beckman.com (work) Beckman Instruments/Brea
216-5888@mcimail.com 70707.453@compuserve.com arthur@pnet01.cts.com (personal)
My opinions are my own, and do not represent those of my employer.
