-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

..Dispatch from IETF Munich
Part 3: Ssh.  There are people watching the network!

The days are getting busier as the week goes on.  The fellow
from Digital loaned out a couple of dozen wireless modem devices
so now there are people scattered all over the hotel lobby
sitting on couches logged on to the net through these little
black boxes sticking out of the back of their laptop computers.

Today the SSH (see, I didn't spell it wrong), PKIX, CAT, and Key
Signing meetings were held.  A busy day for the crypto wienie in
deed.  SSH is Secure Shell.  It's a tool set and a protocol to
allow secure 'shell' (character console) access across the net
to Unix and other systems.   It too is sort of redundant with
TLS, but it too is deploying NOW and therefore it's considered
logical to have a working group.  And besides, those folks from
<a href="http://www.ssh.fi">Data Fellows</a> in Finland have such
cool accents!

PKIX is public key infrastructure, done with X.509 certificates,
like they use in Netscape and Microsoft web servers.  It meets
twice.  The documents are pretty hefty.  Check out the <a
href="http://www.ietf.org/html.charters/pkix-
charter.html">drafts</a>.  There will be a short quiz the next
time you go to use your credit card, or driver's license, or
passport...

The Key Signing was the PGP Key Signing "Party" held at the
IETF.  People stand up and read their PGP hash values so you can
confirm you can match a key to a person.  So if you don't see a
hash of 6661-a3e2-51e0-940c-cb30-15c8-8c29-564f-e0bc-97ea, don't
trust the key you're using to authenticate this message.

As the conversations continue, it becomes more evident that the
crypto policies of the United States are, to say the least, a
little odd.  It's sometimes embarassing to say the least.  I can
stand in the hallway at this public conference and talk about
encrypting network packets.  I can go back to my laboratory and
encrypt packets.  The lady across the room from Israel, the
gentleman from Finland, and all the others in the room know it's
clear we all possess the same technology, (sometimes theirs is
better!) but I have to avoid exporting products that do this so
the U.S. government can restrict access to Triple DES outside
this country?

Say what?  Do you think there are no crypto people east of Nova
Scotia?  Don't you know they've uncovered pre-historic caves in
Central Europe with drawings of people rubbing two long primes
together to get a block cipher?  I mean, it's arithmetic.  It's
not like anyone can keep the genie in the bottle.  As someone
once said, it's like erecting Stop Lights in Space.

IETF Munich -- Tasty Field Report, Day 3
Rodney Thayer <rodney@sabletech.com>
 Copyright 1997 Sable Technology Corporation. Permission to
 publish granted to Keith Dawson / the Technology Front. 


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBM/Kb8owpVk/gvJfqEQJdXgCg2kXgvcISU3kURLLFrs7jHzkNpAYAnjcG
nA9iTvfLO8g24PFwvc3kng2i
=tVPx
-----END PGP SIGNATURE-----