-----BEGIN PGP SIGNED MESSAGE-----
At 10:05 AM 6/25/00 -0400, Don Davis wrote:
...
>i'm sorry, but this is a foolish complaint. their specialty
>is as demanding as ours; why demand that they should master
>our specialty, when we make no effort to master theirs, and
>when we make no effort to help them understand crypto? all
>we've had to say to legislators and regulators is, "don't
>regulate crypto, leave us alone," and then surprise, surprise:
>even when we might want them to support crypto with laws,
>they don't know enough about crypto to be able to regulate
>it.
Perhaps the difference is that most cryptographers aren't in a
position to impose our uninformed misunderstandings about the
workings of government on the world by force of law, while the people
who deal with the mechanics of making laws end up doing just that.
Anyway, the specific comment here was about people who are allegedly
working with the legislation that's to be passed, misunderstanding
important aspects of that legislation, right? I mean, it's silly to
expect a congressman to understand details about how DSA works, but
it seems reasonable to expect him to understand what the bill he's
about to vote for says, at least in general terms.
An interesting question is whether the people who gave the CNet
reporter bad information merely got the terminology wrong
(substituting ``digital'' for ``electronic'' signatures in an
interview), or whether they misunderstood the actual meaning and
effect of the law. If they just got the terminology confused, it's
no big deal; if they didn't really understand what they were advising
some congressman about, that reflects a big problem.
>if we are successful in making crypto that's usable enough to
>become pervasive, then industry and the public will need new
>laws to help resolve social conflicts involving crypto, such
>as inevitably will arise. thus, it's our responsibility to
>help advise legislators constructively on cryptographic and
>security matters, but the civilian crypto community has quite
>consistently rejected and ridiculed every governmental foray
>into cryptographic legislation. indeed, the crypto community
>goes further, by ridiculing any cryptographer or security
>expert who supports legislative efforts. we're the ones who
>have screwed this up, not the legislators or their staffers.
I haven't seen this. There's certainly a lot of anger directed at
people who support mandatory key-escrow proposals or strict export
controls, but I haven't seen this kind of anger directed at people
who want government to intelligently handle (say) evidence whose
authenticity is protected by cryptography, or to enforce contracts
which were digitally-signed, or to prosecute people who attack
others' computer systems over the net. Maybe I'm just missing it.
> - don davis, boston
- --John Kelsey, Counterpane Internet Security, [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
Comment: foo
iQCVAwUBOVflHSZv+/Ry/LrBAQGfVgP/bZhu1W5niiGkOyd0PkapjYp5B1Ab11Up
7gN00oaxteV35Trt4/FCcsQJ8YqkTwvSNgsbIbBQkQNIs4XDhElpPQD/imokASPn
PU4LTbGkI1wm0BcX/Vx+4Lqe0fTEXqmdGeOM9XG2nV+phyAJ0mPvUVtseYli6qoc
zY/SRL+Ed3g=
=1jVj
-----END PGP SIGNATURE-----
