Dear RIPE meeting participants, Below you will find the schedule for working groups meetings and the agenda for the plenary session. As always, they are proposals: please let us know of any changes and/or additions you might want to propose, at <ncc@ripe.net>. -------------------------------------- 22nd RIPE Meeting Preliminary Schedule for Working Groups Meetings Start: October 11, 09:00 End: October 12, 12:30 -------------------------------------- 11 Oct +------------+ 09:00 +------------+ 12 Oct | EOF (1) | | Routing | +------------+ 10:30 +------------+ break break +------------+ 11:00 +------------+------------+ | EOF (2) | | Database |Connectivity| +------------+ 12:30 +------------+------------+ lunch lunch +------------+------------+ 14:00 | MBONE | IPv6 | ...plenary session... +------------+------------+ 15:30 break +------------+------------+ 16:00 | LOCAL IR | DNS | +------------+------------+ 18:00 -------------------------------------- 22nd RIPE Meeting Preliminary Agenda for Plenary session Start: October 12, 14:00 End: October 13, 15:30 -------------------------------------- o Opening and Welcome o Adoption of the Agenda o Minutes 21st RIPE Meeting o Actions 21st RIPE Meeting o RIPE NCC Report o RIPE NCC Financial Report o Dante Services o Internet Exchanges: - Roma - Moscow o IETF Report o Working Groups Reports o Dates of next Meetings o A.O.B. o Closing
Hello All, Yesterday I read in "Communications Week International" (issued 18 Sept 95) the article named "Euro-Clipper chip scheme proposed" by Damian Peachey. Its say that "Thirty-four European countries [Council of Europe, me] have agreed to outlaw some of the strongest encryption protocols used in communications networks and make "keys" - similar to controversial U.S. "Clipper chip" - available to goverments." and below "...it is rare for countries to reject Council of Europe recommendations, said Peter Csonska, administrative officer at the Council's division of crime problems and chairman of the committee that drafted the document." Can somebody comment it more shurely that it is in article ? - Leonid Yegoshin, LY22
Hello All,
Yesterday I read in "Communications Week International" (issued 18 Sept 95) the article named "Euro-Clipper chip scheme proposed" by Damian Peachey.
Can somebody comment it more shurely that it is in article ?
it is likely that the EC will recommeond that the EU moves to a) no public domestic use of strong encryption b) escrow keys held by some EC agency this is despite the fact that there are NO technical experts that I know of that agree that 1/ terrorists, drug dealers and dissemiantion of obscene material will be affected in the least, or wopuld partioculalry benefit from wide availability of commercial strong encryption ()seeing as they can get it for nothing or use phrasebook technology instead) 2/ Key escrow is inherently unsafe since the holders of the escrowed keys are not part of the users' audit mechanisms - furthermore, it is a potential invasion of the right to free and private speech, and represents a direct attempt to exert more (international) state control than is tolerable by almost all internation commerce. There is a body of work that analyzes complete security systems (from banking for example) which shows that most (>90%) of security failures are due to breach of trust in the people chain, and not in the technology. [ref CACM Nov 94, Vol 37, No. 11, "Why Cryptosystems Fail", Ross Anderson] - see also various bboards about the differences between openly available technology (c.f. pgp) and secretly produced auth/privacy software (c.f. netscape - 3 failures to date). see also http://web.cnam.fr/Network/Crypto/ Most large commercial organisations that really need strong crypto will of course find ways around (e..g SWIFT use DES already for banking - I am sure that the large financial insitutes will get special permiossion to use 128bit or larger keys for RSA) It is very sad that the EC has such incompetent technical advice. At an IAB security workshop a while back on Internet security, a large number of US experts were very scathing about the US government attempt to enfoce clipper. There is only one 'security expert' on record as supporting i, and that is Dorothy Denning....in my opinion, her motives are extremely suspect. For people from countries like yourself it has proved vital to have the ability to communicate privately and be highly assured that a governement cannot eavesdrop - I cannot understand why the EC which supports political changes that involve popular movements against governemnt to increase freedom, should see fit to try to introduce a policy and mechanism that decreases it. The ACM (as chair of ACM SIGCOMM I suppose I should say this) has taken the official position in a policy statement that escrow is technically flawed, and should not be employed. regards jon crowcroft
I think RIPE should formulate a position statement in this matter and send to Council of Europe and EC. I guess many ISPs would back a statement towards liberal use of cryptography to facilitate the growth of the Internet so that we don't all get into the position in France and Russia where cryptography is illegal, as I understand. The Internet society has already sent message to US government arguing against the clipper chip and I guess ISOC could also send such a message to the EC and the council. Any volunteers for a position statement ? Jon ? Frode --------------------------------------------------------------------------- Frode Greisen phone: +45 3582 8355 UNI-C direct dial in: +45 3183 2411 - 4356 Vermundsgade 5 fax: +45 3183 7949 DK 2100 Copenhagen, Denmark e-mail: frode.greisen@uni-c.dk --------------------------------------------------------------------------- On Fri, 6 Oct 1995, Jon Crowcroft wrote:
Hello All,
Yesterday I read in "Communications Week International" (issued 18 Sept 95) the article named "Euro-Clipper chip scheme proposed" by Damian Peachey.
Can somebody comment it more shurely that it is in article ?
it is likely that the EC will recommeond that the EU moves to a) no public domestic use of strong encryption b) escrow keys held by some EC agency
this is despite the fact that there are NO technical experts that I know of that agree that 1/ terrorists, drug dealers and dissemiantion of obscene material will be affected in the least, or wopuld partioculalry benefit from wide availability of commercial strong encryption ()seeing as they can get it for nothing or use phrasebook technology instead)
2/ Key escrow is inherently unsafe since the holders of the escrowed keys are not part of the users' audit mechanisms - furthermore, it is a potential invasion of the right to free and private speech, and represents a direct attempt to exert more (international) state control than is tolerable by almost all internation commerce.
There is a body of work that analyzes complete security systems (from banking for example) which shows that most (>90%) of security failures are due to breach of trust in the people chain, and not in the technology. [ref CACM Nov 94, Vol 37, No. 11, "Why Cryptosystems Fail", Ross Anderson] - see also various bboards about the differences between openly available technology (c.f. pgp) and secretly produced auth/privacy software (c.f. netscape - 3 failures to date). see also http://web.cnam.fr/Network/Crypto/
Most large commercial organisations that really need strong crypto will of course find ways around (e..g SWIFT use DES already for banking - I am sure that the large financial insitutes will get special permiossion to use 128bit or larger keys for RSA)
It is very sad that the EC has such incompetent technical advice.
At an IAB security workshop a while back on Internet security, a large number of US experts were very scathing about the US government attempt to enfoce clipper. There is only one 'security expert' on record as supporting i, and that is Dorothy Denning....in my opinion, her motives are extremely suspect.
For people from countries like yourself it has proved vital to have the ability to communicate privately and be highly assured that a governement cannot eavesdrop - I cannot understand why the EC which supports political changes that involve popular movements against governemnt to increase freedom, should see fit to try to introduce a policy and mechanism that decreases it.
The ACM (as chair of ACM SIGCOMM I suppose I should say this) has taken the official position in a policy statement that escrow is technically flawed, and should not be employed.
regards
jon crowcroft
I think RIPE should formulate a position statement in this matter and send to Council of Europe and EC. I guess many ISPs would back a statement towards liberal use of cryptography to facilitate the growth of the Internet so that we don't all get into the position in France and Russia where cryptography is illegal, as I understand.
Some comments: It isn't correct. Cryptography is legal. But you should license or certify products for public usage. And more strong requirements for goverment bodies and financial institutes.
Frode
Dmitri
it is likely that the EC will recommeond that the EU moves to a) no public domestic use of strong encryption In some countries it's already far too late for that. b) escrow keys held by some EC agency Hah! this is despite the fact that there are NO technical experts That's quite common for the political bodies that decide in such issues. that I know of that agree that 1/ terrorists, drug dealers and dissemiantion of obscene material will be affected in the least Of course they won't be affected. Just like a thief isn't affected by laws that forbid theft. 2/ Key escrow is inherently unsafe since the holders of the escrowed keys are not part of the users' audit mechanisms - furthermore, it is a potential invasion of the right to free and private speech, and represents a direct attempt to exert more (international) state control than is tolerable by almost all internation commerce. Exactly! And I bet that the strongest advocates of this sort of nonsense are countries like France that in this (and other) respect are police states. Most large commercial organisations that really need strong crypto will of course find ways around (e..g SWIFT use DES already for banking - I am sure that the large financial insitutes will get special permiossion to use 128bit or larger keys for RSA) Others will too. It is very sad that the EC has such incompetent technical advice. Nothing new under the sun... :-( A while ago encryption was about to be outlawed in the Netherlands. Thanks to fierce opposition from many sides, not in the least "official bodies" with real technical knowledge, the whole proposal was turned down. Let's hope history won't repeat itself in this case. Piet
participants (6)
-
Dmitry Burkov -
egoshin@ihep.su -
Frode Greisen -
Jon Crowcroft -
Piet Beertema -
RIPE NCC Staff