At 11:20 AM 04/28/2000 -0700, Eric Murray wrote:
>> The new EU rules eliminate
>> the need to secure approval from national licensing bodies and do away with
>> security checks for all encryption products with the exception of so-called
>> crypto-analytic tools, which can be used to test systems and crack codes.
>What? That's a new one!
>Could it be that certain large organizations(GSM) who have been
>embarrased(A5) added this as a way to discourage/prevent exposure
>of their weak crypto?
Yes - that means that Europeans will need to import their
cryptanalysis tools from Berkeley or Montreal, or wherever the
Party At Ian's Place is this week, except when Lucky and Ian are in Europe :-)
(In that case they'll need to import from Boston.)
It also means that EU security-by-obscurity products will be at a
competitive disadvantage against non-EU products that can use
automated tools for testing, and the Bad-Crypto-Cracking business
will have to move to non-EU countries, or hire mathematicians in India...
Steve Bellovin wrote:
> The WSJ story said that "France demanded this exception because the
> country is concerned that some of its communications could be vulnerable
> to hacking by Corsican terrorists."
Yow! Corsican hackiere-terroristes will certainly be stopped by that!
They'd have to download GSM-crackers with instructions in English
instead of French or Italian!
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
