Interesting People mailing list archives
IP: Churchill Club: 20th Anniversary PK Crypto
From: Dave Farber <farber () central cis upenn edu>
Date: Tue, 30 Apr 1996 06:35:56 -0400
From: frantz () netcom com (Bill Frantz)

The moderator, David Morris of Cylink, introduced the field by discussing the problems of corporate espionage, and privacy concerns vs. public and private databases. He said that the old security paradigms present with face to face business don't work with electronic commerce.

He introduced Jim Omura, who gave an overview of PK encryption and introduced Martin Hellman, Ralph Merkle, and Whitfield Diffie. Louis Morris, Cylink CEO, presented them with inscribed glass trophies.

Hellman described the key to the early years as being willing to be a fool, because you need to step out of the standard thought patterns.

Diffie described the genesis from 1974 to 1978 as going from Merkle's paper, "Secure Communication Over Insecure Channels", thru DH key exchange, to RSA. Since 1976 is the center of gravity of these steps, this year makes a good 20th anniversary.

Merkle said it is most striking how long it has taken to be adopted. Networks lead to a need for security, lead to a questioning of regulations on Crypto, which leads to changes in those regulations.

Diffie said it is absolutely amazing that it is happening so quickly. "How wonderfully lucky it is we started working 20 years ago."

Senator Larry Pressler (R, SD) was introduced via video projector from Washington D.C. He talked about bad government rules and that government should help or at least get out of the way. He talked about the need for exports and to assist US multi-national businesses. The controls hurt US companies. Encryption is the future of industry. If we don't fix the export problem, there are two outcomes. (1) Foreign competition will provide the function, or (2) US companies will move the R&D offshore. Either will cost US jobs. After listing his [off topic] pet bills, he mentioned that he was talking about encryption in software. He said Senator Burns' bill will be introduced tomorrow.

Senator Conrad Burns (R, MT) spoke from the podium in a joke filled speech. He talked about the Telecom Bill as a way to do something about giving more people access to the glass highway. He talked about the problem of how do we make sure that people have agreed to a deal on the highway and supporting sales. He said we need the crypto bill to support them. His bill provides for, (1) Export of publicly available software (e.g. PGP and browsers), (2) no GAK, (3) limiting the authority of the Department of Commerce to set standards, and (4) export to countries which have equivalent technology. He wants to have public hearings in Silicon Valley.

Then questions came from the floor:

Q: Why are we streamlining the Department of Commerce when the Department of State and NSA are the problem?
Burns: Legislation will deal with this problem and prevent them from blocking export. You may still need a license, but there should be no fences.
Pressler: We need to streamline relations between State and Commerce in this area. We need to streamline trade in hi tech. I don't think that state and NSA should have the say. Export is a trade problem. It is a "disaster for American exports."
Burns: We are going to need grass-roots support to pass this bill.

Q: Where do California's senators (Feinstein and Boxer) stand?
Burns: We don't know.
Pressler: We didn't have their support on tort reform. Stick with your friends and work for them.

Q: Who is against the bill?
Burns: People who listen to NSA. People who feel the US needs to be able to watch you.

Q: How do you expect administration opposition to show up?
A: We don't know yet.

Q: Currently encryption is classified as a munition. Will your legislation reclassify it?
Pressler: We don't see encryption as a threat to national security. People in Washington D.C. who make a living suppressing information oppose the bill.
Burns: We need your knowledge to pass this bill.

The senators bid us goodbye and Congressman Robert Goodlatte (R, VA) was introduced. He said that President Clinton testified for 4.5 hours over an encrypted communication link on the McDougall trial. His bill is called Security And Freedom thru Encryption (SAFE). Local congressmen Campbell and Eshoo are co-sponsors. We need to broaden the base of support for this bill. Everyone should talk to their customers/vendors/and companies with web sites about this issue. If we don't change the rules, it could cost $60B in 2000. There are 500 foreign encryption software products. He talked about how fast 40 and 56 bit encryption could be cracked and said that, in his opinion, the administration's desire to read everything, foreign and domestic, is the greatest threat. He argues it is the wrong approach and we should be encouraging everyone to use encryption routinely. We need it for counter terrorism against attacks on computer systems used in design, manufacturing and e.g. controlling nuclear power plants. We need your help getting the word out. Write your member of congress. We will have hearings on the bill in the next month or two.

Q: What do you say to techies/CEOs who want to run for public office?
A: Well are you a Democrat or Republican? (laughter). Seriously, congress needs a variety of backgrounds to help with technical issues. Get good expert advice on running your campaign.

James Freeman, Special Agent in Charge, San Francisco Office, FBI, discussed the tools the FBI needs to do its job. He talked about foreign espionage on US companies. He mentioned 800 cases involving 23 countries, 20% in the SF Bay area. Counterfeit drugs cost US drug companies $1.5B/year. The FBI does not have adequate laws to pursue theft of intellectual property. It could use a computer fraud/abuse law.

In the last few years, the FBI and local law enforcement have identified 9 gangs dealing in stolen electronic components thru undercover operations and wiretaps. Each set of arrests has reduced the rate of reported armed robbery. They used RICO to help prosecute these gangs. He stated the FBI can do the same for intellectual property given the right tools.

He stated that in some cases, foreign students are sent here to spy on US corporations. In some cases they are released from military service for their spying. Inside theft is responsible for most spying, but hacking and computer intrusion are increasing.

He said that terrorists, money launderers, drug dealers using crypto is a serious threat, and he thinks GAK is a good solution. If congress takes GAK away from law enforcement, they will use the tools they have. However we need a balanced approach.

Q: If any high school student can implement unbreakable crypto, what can you do?
A: Regulation of crypto is the responsibility of congress.

Edward Kozel of Cisco Systems spoke about the problems they have had with the export regulations. He said that the Internet was important because it lowered the barriers to market entry. He offered the example that the big 3 American auto manufacturers are requiring network links for their suppliers. He talked about attacks on hosts and networks. He said that right now, Atlanta is a boom area for telecommuting because Atlanta companies fear the Olympics will bring gridlock this summer. He suggested micro payments as a solution to copyright problems. We must see the problem as a global problem. PK is a fundamental component of commerce, authentication, and non-repudiation.

Q (Dave Del Toro (sp?)): RSA patent license imposes significant limitations on what we can do with RSA. How can we overcome that barrier?
Morris (Cylink): Cylink owns the DH patents. We are opening the technology with no-cost licenses. Patents should not be used to block the technology.
Kozel: We certainly support open dissemination. In 1990 we couldn't export routers to e.g. Russia. So they used PCs and public domain software to build their nets. Now they are converting to routers. Now is the time to unleash encryption.

Q: What is the best way to go given the new laws and IPv6?
Kozel: 40 bits is no good. Even people in rural Australia know that. Industry needs to recognize the need for controls, if only by the customer. The technology is moving to the mass market. Encryption will be needed to keep everyone from reading data on cable networks.

Paul Raines, Project Manager, United States Postal Service described the post office's digital postmark and certificate services. Cylink is the technical developer. The post office brings four things that private industry can't: (1) The postal fraud statutes, (2) A long track record and well established reputation, (3) 40,000 existing post offices (vs. 10,000 McDonald's), and (4) it can act as a trusted third party.

Q: How much will you charge for these services and when will they be available?
A: Postmarking: $.10, 7/96. Certificates: $10-$15/person/year, 4Q96.

Q: Do you see the post office acting as an ISP?
A: Only to the extent necessary to provide electronic delivery of digital postmarks and certificates.

Q: Do you see the post office going into transaction verification? What limits your future business directions?
A: We will make sure not to compete with private business. Because we must go through a rate commission to change prices makes it hard to compete.

The evening closed with a Diffie, Hellman, Merkle panel.

Hellman: After these 20 years, I feel less of a fool. When we wrote "New Directions in Cryptography" in 1976, we envisioned our ideas would be widespread in five years.

Diffie: I was excessively optimistic about the spread of PKC in two of my papers.

Hellman: We were off for two reasons. (1) Lack of public concern. With cell phone fraud approaching 40% that may change. And (2) ITAR. This new legislation will have a very positive effect.

Merkle: I wish I could pipe the comments this evening back 20 years. I would particularly like to pipe them to my rejection letter from Communications of the ACM which said my contribution was not mainstream. One is often over optimistic about the early rate of progress and under optimistic about the later rate. OK, I was wrong before, but things are going to happen fast now.

Morris: Where are the new frontiers?

Diffie: Quantum computing (if it works). Elliptic curve crypto. The next decade or so will be used to sort out the social effects. Passive listening by major governments is moving to active computer penetration. What will our high-level security specifications be? What are fair rules for intellectual property, privacy etc?

We closed with David Morris reading email from Phil Mellinger, Chief Engineer, Government Securities Association. He said the US and Canada are discussing interoperability on Certificate authorities. The government is using DH with DES and SHA for government communications. Short of the automobile, PKC has had the largest effect on the world of any 20th century technology.

Impressions: In conversation afterwards, I noted that discussion of personal privacy seemed to be politically incorrect in this group. Unless it directly supported corporate commerce, we didn't discuss it.

------------------------------------------------------------------------
Bill Frantz          | The CDA means  | Periwinkle -- Computer Consulting
(408)356-8506        | lost jobs and  | 16345 Englewood Ave.
frantz () netcom com | dead teenagers | Los Gatos, CA 95032, USA
Date: Tue, 30 Apr 1996 01:10:40 -0700
To: cypherpunks () toad com
From: frantz () netcom com (Bill Frantz)
Subject: [LONG] Churchill Club: 20th Anniversary PK Crypto
Sender: owner-cypherpunks () toad com