I support HR3627
"Robert G. Moskowitz" <0003858921@mcimail.com> Wed, 09 February 1994 13:40 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa05676; 9 Feb 94 8:40 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa05672; 9 Feb 94 8:40 EST
Received: from lists.psi.com by CNRI.Reston.VA.US id aa06460; 9 Feb 94 8:40 EST
Received: from psi.com by lists.psi.com (4.1/SMI-4.1.3-PSI) id AA06748; Wed, 9 Feb 94 08:00:15 EST
Received: from MCIGATEWAY.MCIMail.com by psi.com (4.1/2.1-PSI/PSINet) id AA16387; Wed, 9 Feb 94 08:00:37 EST
Received: from mcimail.com by MCIGATEWAY.MCIMail.com id ac14696; 9 Feb 94 12:34 GMT
Date: Wed, 09 Feb 1994 07:37:00 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: "Robert G. Moskowitz" <0003858921@mcimail.com>
To: cantwell <cantwell@eff.org>
To: US president <president@whitehouse.gov>
To: US vice-president <vice-president@whitehouse.gov>
Cc: com priv <com-priv@psi.com>
Subject: I support HR3627
Message-Id: <13940209123731/0003858921NA5EM@mcimail.com>
It seems to me that privacy in communications requires three things: - Authentication/non-reputiation - Guarantied data content - Encryption of data Authentication/non-reputiation is not only a security item, i.e. am I communicating with the person I want to, but also a legal issue. If someone says that they will do something in a non-reputiable message and doesn't, they later cannot deny that they made the statement as it is non-reputiable. The data content must be guarantied, as not only might it be maliciously corrupted, but computer programs that forward data have been known to do things wrong, and communication links have been known to alter a byte or two. Data encryption allows for private communications over public servers. The Clipper chip only addresses the last item. And then only over a private, point-to-point link. The Clipper chip on a third party provider's communication link is no assurance that one of the data forwarding systems on the data path has not been comprimised and my data is still being 'watched'. There is an INTERNATIONAL, GATT based standard for EMail that addresses this. It is called X.509. X.509 combines Public Key cryptography and message hashing to meet all three requirements. According to many people that know the legal side better than me, X.509 has been agreed to by the US government at a treaty level and thus needs to be supported and allowed by the US government. Thus the US government cannot take a unilateral position of saying that the Clipper Chip technology is the only communications security the public needs. It is also incumbant on the US government to encourage its citizens to produce the best X.509 products possible to maintain a competitive edge in the messaging software arena. Thus a bill like HR3627 is a key bill. I know that there are limitations and implementation issues to X.509. Also X.509 does not well address real time and interactive communications. There are other efforts in various standard bodies that are addressing this; Privacy Enhance Mail for INTERNET 822 mail, Kerberos (tm) security for the Distributed Computing Environment to name two. The US government needs to nuture technologies like these; they meet critical needs of corporate users of data communications. And again Clipper chip technology does nothing for them. To this end, I ask the US government to pass HR3627 and to scale back the Clipper Chip push. The Clipper chip should be relegated to voice and fax communication at best. There are better, more functional technologies for data communications. Robert G Moskowitz 15210 Sutherland Oak Park, MI 48237
- I support HR3627 Robert G. Moskowitz