Re: [Internet-Drafts@ietf.org:
"Theodore Y. Ts'o" <tytso@mit.edu> Sat, 05 October 1996 13:34 UTC
Date: Fri, 04 Oct 1996 16:37:34 -0400
Message-Id: <9610042037.AA11249@dcl.MIT.EDU>
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Peter Williams <peter@verisign.com>
Cc: "'Theodore Y. Ts'o'" <tytso@mit.edu>, 'Dave Crocker' <dcrocker@brandenburg.com>, "'pem-dev@tis.com'" <pem-dev@tis.com>
In-Reply-To: Peter Williams's message of Fri, 4 Oct 1996 12:20:23 -0700, <01BBB1EE.71940740@Peter.verisign.com>
Subject: Re: [Internet-Drafts@ietf.org:
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091
   From: Peter Williams <peter@verisign.com>
   Date: Fri, 4 Oct 1996 12:20:23 -0700

Umm.... wow. I'm not sure how to respond to all of this. Methinks there is a lot of emotion and invective which has gotten stirred up. Most of the time people accuse the PGP-partisans of being the ones who serve up this sort of thing, but I see there are anti-PGP people who do similar things.

   An implementor of the PGP standards can choose the algorithms they desire, you say. Will they not be allowed to market it as PGP(TM)!

I don't know; you'd have to talk to PGP, inc. about that. I know that there has been talk of supporting alternative algorithms, and the pgplib work that is on-going will have some alternatives. (I'm not intimately involved, so I don't know all of the details.)

   So that I get the algorithm technology switching capability established and framework choices, so I then use the math and key lengths which I choose and trust for my risks, rather than that which Phil Z happens to believe in this month. I don't trust Phil Z, or anyone but myself or other Euro folk, to make cryptographic choices for my usage.

Actually, PGP has always allowed you to choose your own key length, as you see fit. I happen to use a 1024 bit PGP key for signatures, and a 768 bit key for encryption. Am I being too paranoid? Not paranoid enough? Each person can make their own choice. As far as algorithm choice, all software has some limitations as to what they support.

   If I do agree an algorithm for an application, I want a Euro based implementation when I use it! Who knows what the Yanks have stuffed inside their exported implementations, to spy, or otherwise make insecure.

Actually, there is a euro-based implementation of PGP.... PGP was actually developed outside of the U.S., and then re-imported back into the U.S. So, there are now two parallel implementation tracks; one inside the U.S., and one outside the U.S.

Given that the source code is available for anyone to look at, people can look at it and decide for themselves whether or not there are any "trap doors" hidden in it. Many of the concerns voiced about Clipper/fortezza simply don't apply with PGP, because the source code is freely available for anyone to look at.

   No Ted, we need algorithm choice, and multiple implementations, I suggest. Sure practical commercial parties will agree profiles to get on with real life and do trade with the rest of the work. There may even be a massive US->Europe or US->Asia export trade of crypto, for low sensitivity material. Most material is after all very low sensitivity!

I agree that algorithm choice and multiple implementations are good. However, even if most material is low sensitivity, that doesn't necessarily mean that they should use weak algorithms. If there aren't any downsides to using high grade crypto, it's of course better to always use high grade crypto. Otherwise, the traffic analysis opportunities become... interesting.

   If PGP (the technical standard) is open and free for anyone to use and implement, then let's use it. I don't care about syntax; I care about use patterns, and personal management of risks, based on trust.

The protocol is freely available. The trademark, though, is a red herring. Anyone can write to a protocol spec, and then claim that their product is upwards compatible with (say) PGP without violating trademark issues. They might not be able to *call* their product PGP, but so what? You don't call your product PEM or S/MIME, you give it some catchy name, like NetScape or Eudora, and then say that NetScape or Eudora follows the following Internet standards.....

   Crypto is all about politics, Ted. Why do you think we don't have general availability of secure mail widgets everywhere, yet!! It's certainly nothing to do with technology issues.

I'd politely suggest that we take politics to alt.flame.

PGP certainly has a perception problem amongst certain organizations, just as PEM became forever tainted with the "we accept nothing less than pissing-in-a-bottle-and-get-a-drug-test level of security". Given your invectitude, it sounds like your mind is made up already, although I would encourage you to do a little bit of research and perhaps open your mind to other points of view. However, there's little we can do about this and other political issues on this list, short of wasting more bandwidth and time. Bandwidth is cheap. Time, though, is not.

- Ted