Re: FC: More on Network Associates and its crypto-politics
-BEGIN PGP SIGNED MESSAGE- I believe the basic premise of the original articles by James Glave [EMAIL PROTECTED] and Kathleen Ellis v04003a0fb270ca39563c@[204.91.138.223] is incorrect. It is not news that Network Associates is in the KRA and has key recovery technology. If you enter http://www.pgp.com into your browser your are redirected to Network Associates' PGP Home page at: http://www.nai.com/default_pgp.asp That page has had the link "Key Recovery Important Announcement" which leads to: http://www.nai.com/products/security/key.asp As best I can recall, that link has been there since the PGP home page transitioned from PGP.com to NAI.com early this year. To save the readers the time surfing: "Network Associates and Key Recovery "With the acquisition of Trusted Information Systems (TIS) by Network Associates, NAI has added a new technology to its product portfolio -- key recovery. This TIS-developed technology addresses the market needs for encryption key recovery and management. NAI will continue to provide this technology to the market. "NAI's PGP product group already provides the capability for corporations to recover information from PGP products deployed in corporate environments. The requirement for this capability from corporations has been evident and well-known for quite sometime. "However, NAI does not believe there is a need for key recovery in PGP products for the individual. NAI will develop and market products that its customers need and want but will not include any technology that is not required by its customers. "For more information, please see the Press Release on the Network Associates web site." http://www.nai.com/about/news/press/1998/022398.asp (which specifically mentions the Key Recovery Alliance) It appears to be clear for all the world to see where Network Associates has stood with key recovery, PGP and their TIS acquisition. I'm not commenting on the goodness or badness of any of this, just that NAI doesn't deserve the accusation that they were trying to sneak one by anybody. -BEGIN PGP SIGNATURE- Version: PGP for Business Security 5.5 iQCVAwUBNlQzp/GfiIQsciJtAQFDcgQAv72MwlDK/zvFy8ICmP70nhlwnyGK7NUq MVHgjy20mwH6g432BXJJ9m5S6A35tzVeKZW+zSHAsf6DnEM4CQowzPsurdjHiDUJ UCsMWMOfTlRKHLO2Z6FoHZJbeWZX+TXJwj2cQldNnst49X0cak+cqsAhJT+NaAgq 2u0IDxI1AzI= =Ze3r -END PGP SIGNATURE- Regards, Dave Kennedy CISSP International Computer Security Assoc http://www.icsainc.com Protect what you connect. Look both ways before crossing the Net.
FC: More on Network Associates and its crypto-politics
--- begin forwarded text X-Sender: [EMAIL PROTECTED] Date: Tue, 17 Nov 1998 17:44:01 -0500 To: [EMAIL PROTECTED] From: Declan McCullagh [EMAIL PROTECTED] Subject: FC: More on Network Associates and its crypto-politics Mime-Version: 1.0 Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Loop: [EMAIL PROTECTED] X-URL: Politech is at http://www.well.com/~declan/politech/ Cabe Franklin [EMAIL PROTECTED] forwards this statement from Wes Wasson, director of marketing for Network Associates' security division: "NAI officially withdrew from the Key Recovery Alliance in late 1997. In May of 1998, NAI acquired Trusted Information Systems, which had been an active member of the KRA. NAI subsequently reliquished the leadership role TIS had taken in the organization. NAI Labs' TIS Advanced Research Division continues to monitor the KRA's activities from a technical perspective, but Network Associates in no way advocates mandatory key recovery." - Cabe Franklin (NAI PR) 415-975-2223 TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt -Declan -- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to [EMAIL PROTECTED] with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ -- --- end forwarded text - Robert A. Hettinga mailto: [EMAIL PROTECTED] Philodox Financial Technology Evangelism http://www.philodox.com/ 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: FC: More on Network Associates and its crypto-politics
In v04020a04b277c6d69429@[139.167.130.246], on 11/17/98 at 07:35 PM, Robert Hettinga [EMAIL PROTECTED] said: TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt I doubt that TIS really cares one way or the other so long as they keep their fat government contracts. Of course those same contracts require keeping the government happy (ie: supporting GAK), TIS and others (being the corporate whores that they are) will sell out their own mothers (and the rest of us along with them) if it looked good on the bottom line. A real shame that PGP had to get mixed up with these vipers. -- --- William H. Geiger III http://www.openpgp.net Geiger ConsultingCooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP MR/2 the only way for secure e-mail. OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html ---
Re: FC: More on Network Associates and its crypto-politics
Declan McCullagh writes: TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt Two problems here. First, you are using the present tense in saying that TIS "supports" export controls, but your article is from nine months ago. There have been many changes since then, including loosening of the crypto export rules, the acquisition of TIS by Network Associates, and a recent statement that TIS has backed off from its leadership role in advocating key recovery. What is TIS's current policy? It certainly sounds like it is changing. You should find out before claiming to know what it is. Second, even in the context of last February, what you wrote is: Some of the firms selected also endorse restrictions. Trusted Information Systems recently circulated a policy paper calling for "sensible" legislation to "make the export of 56-bit current interim DES controls permanent and permit the export of stronger encryption when it is combined with a key recovery system." (Which, coincidentally, TIS is happy to sell you...) At the time, this would have represented a LIBERALIZATION of export laws. 56 bit exports were only allowed in the context of a promise to add key recovery even for 56 bit keys. The statement you have quoted calls for allowing 56 bit key export permanently, and only requiring key recovery for stronger encryption. True, it was not a call for full elimination of restrictions, but it was a step in the right direction. You are falling into the tiresome pattern of extremists who claim that moderates are lackeys for the other side. It's like an anti-abortion fanatic who says that those who oppose murdering abortion doctors are baby killers. Try reporting the facts instead of altering them to fit your biased views.
Re: FC: More on Network Associates and its crypto-politics
William -- your speculation may be true, but for now we can settle for fact: they do support export controls. It makes sense, too: export ctrls create an artificial market for key recovery crypto, which TIS will be happy to sell to you. -Declan At 04:26 AM 11-18-98 -0500, William H. Geiger III wrote: In v04020a04b277c6d69429@[139.167.130.246], on 11/17/98 at 07:35 PM, Robert Hettinga [EMAIL PROTECTED] said: TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt I doubt that TIS really cares one way or the other so long as they keep their fat government contracts. Of course those same contracts require keeping the government happy (ie: supporting GAK), TIS and others (being the corporate whores that they are) will sell out their own mothers (and the rest of us along with them) if it looked good on the bottom line. A real shame that PGP had to get mixed up with these vipers. -- --- William H. Geiger III http://www.openpgp.net Geiger ConsultingCooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP MR/2 the only way for secure e-mail. OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html ---
Re: FC: More on Network Associates and its crypto-politics
If anonymous has any evidence that TIS' policy has changed from earlier this year, I'd like to hear it. I guess if anonymous wants to call me an "extremist," I'll take it as a compliment. Personally I think of myself as pragmatic. -Declan At 08:03 PM 11-18-98 +0100, Anonymous wrote: Declan McCullagh writes: TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt Two problems here. First, you are using the present tense in saying that TIS "supports" export controls, but your article is from nine months ago. There have been many changes since then, including loosening of the crypto export rules, the acquisition of TIS by Network Associates, and a recent statement that TIS has backed off from its leadership role in advocating key recovery. What is TIS's current policy? It certainly sounds like it is changing. You should find out before claiming to know what it is. Second, even in the context of last February, what you wrote is: Some of the firms selected also endorse restrictions. Trusted Information Systems recently circulated a policy paper calling for "sensible" legislation to "make the export of 56-bit current interim DES controls permanent and permit the export of stronger encryption when it is combined with a key recovery system." (Which, coincidentally, TIS is happy to sell you...) At the time, this would have represented a LIBERALIZATION of export laws. 56 bit exports were only allowed in the context of a promise to add key recovery even for 56 bit keys. The statement you have quoted calls for allowing 56 bit key export permanently, and only requiring key recovery for stronger encryption. True, it was not a call for full elimination of restrictions, but it was a step in the right direction. You are falling into the tiresome pattern of extremists who claim that moderates are lackeys for the other side. It's like an anti-abortion fanatic who says that those who oppose murdering abortion doctors are baby killers. Try reporting the facts instead of altering them to fit your biased views.