Re: Balderdash

[Jeff Williams <jwkckid1@ix.netcom.com>]

Thom,

  Balderdash to you to Thom.  Read below your comments for the rest.

Thom Stark wrote:
> 
> Jeff Williams stated:
> 
> >   As I stated earlier.  56 bit AUTHENTICATION also applies
> > to munitions ITAR requrinments.  See attached.
> >
> > DEPARTMENT OF COMMERCE
> > Bureau of Export Administration
> > 15 CFR Parts 730, 732, 734, 736, 738, 740, 742, 744, 748, 750, 768,
> > 772, and 774
> > [Docket No. 960918265-6366-03]
> > RIN 0694-AB09
> >
> > Encryption Items Transferred From the U.S. Munitions List to the
> > Commerce Control List
> > AGENCY: Bureau of Export Administration, Commerce.
> > ACTION: Interim rule.
> 
> <massive deletia>
> 
> > or manufacture abroad of encryption commodities and software controlled
> > for EI reasons and makes conforming changes throughout the EAR.
> 
> You misunderstand the thrust of the Executive Order and the Commerce
> Department Interim Rule which implements it.  It speaks to the export
> of 56-bit crypto and the prerequisite of a commitment to developing a
> domestically-escrowed "key recovery" plan, NOT the use of public key
> algorithms for authentication.

  This is correct.  BUt you did not read the rest of the document.
Please do so.  
> 
> In the past, you have made a number of absurd remarks regarding
> encryption, including the assertion that you, personally, regularly
> break 40-bit encryption "in two minutes" on your laptop.  I have held my
> peace until now, but your posts completely lose their charm when you
> quote in support of your position a 300+ line document IN ITS ENTIRETY,
> which document not only fails to support your position, but speaks to a
> separate (albeit related) issue altogether.

  This document does support my possition though not directly.  As I 
have repeatedly stated, and posted links to relating to PGP
International
EXPORT restrictions as they relate th what precious little, and
ambigously
stated, in section 7 of the the Dec. 19th draft are restricted in the
ITAR regulations for BOTH IMPORT and EXPORT of Key sizes for the 
use of encryption and/or AUTHENTICATION is 56 bits currently with Canada
being the exception on said restriction.

  I have, broken the 40 bit authentication digital signature on my
laptop on several occasions in the past year. This has been done
by several others involved in the security protocol development
area of PC/Server based encryption/Authentication Protocols and 
related interfaces.  We market such and interface currently.

  Using a dirivitive of SATAN, this is quite easy to do.
I only point this out, as I have repeatedly said and a few 
others, and now you have contested, that as a matter related 
to the Dec 19 draft, section 7.  Which I believe is quite weak.

  It is true that any key size can be used for private use.  But 
that is not the case for commercial international uses as they
relate to this discussion.

  In addition, I did not open theis thread.  I am mearly remarking
on others contention that the international version of PGP could
be used for perposes of security for confidential forms transmission
where financial data may be related nor the electronic transfer of
funds for any perpose(though this is currently not being enforced
heavely currently, but does pose a problem).  

  In addition I can see that your knowledge in this area is limited
as I have noticed two or three others whom have posted remarks along
these lines.  

  Bone up guy!    

Regards,
-- 
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. 
Phone :972-447-1878
E-Mail jwkckid1@ix.netcom.com