Interesting People mailing list archives
IP: IAB/IESG on Wassenaar
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 25 Dec 1998 12:53:40 -0500
Date: Fri, 25 Dec 1998 11:28:24 -0500
To: Dave Farber <farber () linc cis upenn edu>
From: Don Heath <heath () isoc org>

Dave

Here is a copy of the ISOC press release on the IAB/IESG statement regarding Wassenaar. You have done many good things regarding educating your IP readers on the subject, and I thought they might be interested. At the same time, I expect many have already seen reports of the statement, if not the statement itself.

Thanks,
Don

FOR IMMEDIATE RELEASE
December 22, 1998

ENCRYPTION REGULATIONS THREATEN INTERNET PRIVACY AND E-COMMERCE GROWTH
Hackers Can Crack Secret Codes in a Day, Technical and Standards Groups Warn

WASHINGTON, D.C. -- The Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG), two international groups responsible for technical management and standards for the Internet, today issued a warning that the Internet will be weak and vulnerable because of the restrictions recently placed on the export of encryption software.

The IAB and IESG issued the warning in a joint statement in response to recent changes to the Wassenaar Arrangement, which would limit the availability of strong encryption software.

Hackers could crack code using the current approved length of 64-bit ciphers in less than a day with a relatively small investment, according to technical experts. Three years ago, the groups endorsed a 90-bit key as the minimum for security for Internet communications and commerce.

In addition to identifying both potential threats to privacy and criminal assaults on safe electronic commerce, IAB and IESG raised a concern about the negative impact of the restrictions on developing countries. Many countries are new to the network and may lack the financial and technical strengths to develop their own cryptographic capabilities. The exportation of stronger encryption software will support development of their networks for communications and commerce.

The IAB/IESG statement was endorsed by the Internet Society, the non-profit, non-governmental organization representing Internet users in more than 150 countries in advocating global coordination and cooperation on the development and growth of the Internet. ISOC previously raised concerns about export controls slowing the deployment of security at the same time the Internet is exponentially increasing in social impact and its attackers are increasing in sophistication.

FULL STATEMENT

The IAB and IESG deplore the recent changes to the Wassenaar Arrangement (http://www.wassenaar.org) that further limit the availability of encryption software by including it in the Wassenaar agreement's list of export controlled software (section 5.A.2.a.1 of the list of dual-use goods, WA LIST 98 (1)). As discussed in RFC 1984 (Request for Comment No. 1984), strong cryptography is essential to the security of the Internet; restrictions on its use or availability will leave us with a weak, vulnerable network, endanger the privacy of users and businesses, and slow the growth of electronic commerce.

The new restrictions will have a particularly deleterious effect on smaller countries, where there may not be enough of a local market or local expertise to support the development of indigenous cryptographic products. But everyone is adversely affected by this; the Internet is used worldwide, and even sites with access to strong cryptographic products must be able to talk to those who do not. This in turn endangers their own security.

We are happy that the key size limit has been raised in some cases from 40 bits to 64; however, this is still too small to provide real security. We estimate that after a modest capital investment, a company or criminal organization could crack a 64-bit cipher in less than a day for about $2,500 per solution. This cost will only drop in coming years. A report released about three years ago suggested that 90-bit keys are the minimum for long-term security.

Brian Carpenter (IAB Chair)
Fred Baker (IESG and IETF Chair)

ABOUT IAB, IESG, IETF

The Internet Engineering Steering Group (IESG) is responsible for technical management of the Internet Engineering Task Force (IETF) activities and the Internet standards process. The IESG is directly responsible for the actions associated with entry into and movement along the Internet "standards track," including final approval of specifications as Internet Standards. IESG Members are highly qualified individuals who (along with their employers) make a commitment of time and energies to serve the Internet community. E-mail addresses for Area Directors of IETF Working Groups and other information may be found at <http://www.ietf.org/html.charters/wg-dir.html>

The Internet Architecture Board (IAB) http://www.iab.org/iab provides oversight of the architecture of the Internet and its protocols. It also serves, in the context of the Internet standards process, as a body to which the decisions of the IESG may be appealed. The IAB is responsible for approving appointments to the IESG from among the nominees submitted by the IETF nominations committee. The IAB also acts as a source of advice and guidance to the Internet Society concerning technical, architectural, procedural and policy matters pertaining to the Internet and its enabling technologies.

The Internet Engineering Task Force (IETF) <http://www.ietf.org/> is the principal body engaged in the development of new Internet standard specifications. There is no formal membership in the IETF. It is open to any interested person. The IETF is divided into eight functional areas: Applications, Internet, IP: Next Generation, Network Management, Operational Requirements, Routing, Security, Transport and User Services.

ABOUT THE INTERNET SOCIETY

The IAB, IETF, and IESG are chartered by the Internet Society (ISOC), a non-profit, non-governmental international organization that promotes and maintains a broad spectrum of activities focusing on the Internet's development, availability, standards and associated technologies. Its mission is to support and advocate reliability, stability and security while supporting growth of the Internet in developing countries through worldwide education programs. Founded in 1991, it is based in Reston, Virginia, and has chapters throughout the world.

ABOUT THE WASSENAAR ARRANGEMENT

The Wassenaar Arrangement has been established in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies. Participating states seek to ensure that transfers of these items do not contribute to the development, enhancement or support of military capabilities. The U.S. is among 33 participating countries, and each state retains sole responsibility to deny or approve transfers based on national discretion.

###

Contact Information:

INTERNET SOCIETY - Vint Cerf, chairman
Phone: 703-715-7432
Don Heath, president; or Marty Burack, executive director
Phone: 703-649-9888
Email: Don Heath <heath () isoc org>
Marty Burack <burack () isoc org>

ISOC PUBLIC RELATIONS - Tom Gable or Rick Cook, The Gable Group
Phone: 619-234-1300
Email: Tom Gable <tomg () gablegroup com>
Rick Cook <rick () gablegroup com>