An intersting discussion about FAX security has developed over the holidays.
I found the following comment from Harald worthwhile to share with those of
you who are not on the IETF FAX DL.
Carl-Uno
>X-Sender: hta at 127.0.0.1>Date: Fri, 26 Dec 1997 18:41:45 PST
>To: Mike Lake <mlake at wordcraft.co.uk>, Ned Freed <Ned.Freed at innosoft.com>
>From: Harald Tveit Alvestrand <Harald.Alvestrand at maxware.no>
>Subject: IETF Security policy (Re: IFax security)
>Cc: IETF-FAX <ietf-fax at imc.org>, tsg8ifax at itu.ch>Sender: owner-ietf-fax at imc.org>>At 10:01 24.12.97 +0000, Mike Lake wrote:
>>>It would be nice if we could trade real products in a real world that also
>>thought like this. Maybe one day the secret services will realise that the
>>cold war is over and maybe one day they will relax things. The fact is
>>that all the major ones got together in December 1995 and decided they
>>wanted to keep the same levels of control - or even stronger ones in the
>>light of various terrorist activities in the USA, Europe and elsewhere. I
>>think real-world trading requirements MUST be taken into consideration when
>>defining new standards that new equipment MAY, MUST or SHOULD conform to.
>>It seems reasonable that if in doubt, use MAY.
>>The IETF thinks that the only way we can change the behaviour of the
>Real World is by consistently pointing out to the Real World that what
>they have legislated is stupid, inconsistent, harmful to law-abiding citizens
>and greatly overrated as a tool for law enforcement.
>Read RFC 1984.
>>In standards setting, this means that we specify what security is needed
>to provide the level of security that engineering concerns seem to
indicate is
>necessary and sufficient, whether it is exportable or not.
>>In today's world, implementing nonexportable-class cryptography is dead easy;
>implementing it outside the US without breaking US export laws is trivial.
>Look at the crypto software archives on nic.funet.fi, for instance.
>>The fact that US government policy is harming US companies is not something
>that the IETF is there to help alleviate.
>> Harald T. Alvestrand
>>>>>>Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com