Re: Cryptography in the kernel (was: Re: Linux 2.5 / 2.6 TODO (preliminary))

Date: Thu Jun 01 2000 - 19:19:04 EST

On Thu, Jun 01, 2000 at 07:00:49PM +0200, David Weinehall wrote:
> On Thu, 1 Jun 2000, David Schwartz wrote:
> >
> > Or, put another way, should Linux be dumbed down to make it
> > legal in the most restrictive possible environment? Or should Linux
> > follow it's natural development path?
> Well, even if/when the crypto-patches goes into the kernel it'll be dumbed
> down, because it won't have those crypto-algorithms that are patented in
> the US. Most of the rest of the world has no algorithm-patents but the US
> has...
> It's a pity Linus lives in the US, imho.
> > IMO, it would be the greatest possible victory for totalitarian
> > and restrictive regimes if they got to dictate to the entire rest of
> > the planet what features everyone else's software would come with.
> Indeed. But it isn't much better that democratic states dictates it...

One extreme... in some puzzle palaces the policy is that everything be
secured by default. No communications link is allowed to connect to the
outside world without first being encrypted. No traffic is allowed to
flow across a link without being offline encrypted. No data is allowed
to reside on a storage device without first being encrypted...

The rational is that the security risk posed by human error (read: slips
of the tongue/finger) is greater than than that of a well funded opponent.

The other extreme... those who believe the weak security is better than
no security. They argue that we should worry more about the technicians
manning the sniffers, data scopes, ESS consoles, test boards, disk drive
test jigs, and parents prone to rummage through junior's email.

The U.S. leadership is currently engaged in a hypocritical debate with
itself. On one hand all technical means possible must be employed to
protect e-commerce from the dangers wrought by "hacker outlaws", foreign
e-warfare agents, love bug virus writers, etc. and on the other hand data
must remain "easily snoopable" so that the cost of prosecuting/persecuting
those with dangerous secrets can be minimized. I assume that arguments
range between similar positions in other countries. The bright side is
that governments and constituents are (finally) debating crypto issues.

Weak security is FAR (!!!) worse than no security. It lulls people into
complacency. They become lemmings running full speed to the cliffs
(such as the Speaker of the U.S. House of Representatives whose
cellular calls were intercepted by political detractors). The lowest
common denominator crypto solution is worse than no solution at all.

Avoid the creation of lemmings, keep the kernel crypto free. As an
e-commerce disaster (perhaps the diversion of funds from grass roots
political supporters to some third party detractor (or vice versa)) is
probably inevitable, the masses will eventually clamor for a strong
solution (invented by Al Gore?).

Until that day... it seems to me that crypto anarchy should be encouraged.

Reed H. Petty

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:13 EST