Home page logo

interesting-people logo Interesting People mailing list archives

IP: IAB/IESG on Wassenaar
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 25 Dec 1998 12:53:40 -0500

Date: Fri, 25 Dec 1998 11:28:24 -0500
To: Dave Farber <farber () linc cis upenn edu>
From: Don Heath <heath () isoc org>


Here is a copy of the ISOC press release on the IAB/IESG statement
regarding Wassenaar.  You have done many good things regarding
educating your IP readerson the subject, and I thought they might 
be interested.  At the same time, I expect many have already seen 
reports of the statement, if not the statement itself.



December 22, 1998


Hackers Can Crack Secret Codes in a Day,
Technical and Standards Groups Warn

WASHINGTON, D.C. -- The Internet Architecture Board (IAB) and the
Internet Engineering Steering Group (IESG), two international groups
responsible for technical management and standards for the Internet,
today issued a warning that the Internet will be weak and vulnerable
because of the restrictions recently placed on the export of encryption
     The IAB and IESG issued the warning in a joint statement in response
to recent changes to the Wassenaar Arrangement, which would limit the
availability of strong encryption software.  Hackers could crack code
using the current approved length of 64-bit ciphers in less than a day
with a relatively small investment, according to technical experts.
Three years ago, the groups endorsed a 90-bit key as the minimum for
security for Internet communications and commerce.
     In addition to identifying both potential threats to privacy and criminal
assaults on safe electronic commerce, IAB and IESG raised a concern about
the negative impact of the restrictions on developing countries.  Many
countries are new to the network and may lack the financial and technical
strengths to develop their own cryptographic capabilities.  The exportation
of stronger encryption software will support development of their networks
for communications and commerce.
     The IAB/IESG statement was endorsed by the Internet Society, the
non-profit, non-governmental organization representing Internet users in
more than 150 countries in advocating global coordination and cooperation
on the development and growth of the Internet.  ISOC previously raised
concerns about export controls slowing the deployment of security at the
same time the Internet is exponentially increasing in social impact and
its attackers are increasing in sophistication.

     The IAB and IESG deplore the recent changes to the Wassenaar Arrangement
(http://www.wassenaar.org) that further limit the availability of
encryption software by including it in the Wassenaar agreement's list of
export controlled software (section 5.A.2.a.1 of the list of dual-use
goods, WA LIST 98 (1)).
     As discussed in RFC 1984 (Request for Comment No. 1984), strong
cryptography is essential to the security of the Internet; restrictions
on its use or availability will leave us with a weak, vulnerable network,
endanger the privacy of users and businesses, and slow the growth of
electronic commerce. The new restrictions will have a particularly
deleterious effect on smaller countries, where there may not be enough of
a local market or local expertise to support the development of indigenous
cryptographic products. But everyone is adversely affected by this; the
Internet is used worldwide, and even sites with access to strong
cryptographic products must be able to talk to those who do not. This in
turn endangers their own security.
     We are happy that the key size limit has been raised in some cases from
40 bits to 64; however, this is still too small to provide real security.
We estimate that after a modest capital investment, a company or criminal
organization could crack a 64-bit cipher in less than a day for about
$2,500 per solution. This cost will only drop in coming years. A report
released about three years ago suggested that 90-bit keys are the minimum
for long-term security.

Brian Carpenter (IAB Chair)
Fred Baker (IESG and IETF Chair)

     The Internet Engineering Steering Group (IESG) is responsible for
management of the Internet Engineering Task Force (IETF) activities and
the Internet standards process. The IESG is directly responsible for the
actions associated with entry into and movement along the Internet "standards
track," including final approval of specifications as Internet Standards.
IESG Members are highly qualified individuals who (along with their
employers) make a commitment of time and energies to serve the Internet
community. E-mail addresses for Area Directors of IETF Working Groups and
other information may be found at
     The Internet Architecture Board (IAB) http://www.iab.org/iab provides
oversight of the architecture of the Internet and its protocols. It also
serves, in the context of the Internet standards process, as a body to which
the decisions of the IESG may be appealed. The IAB is responsible for
approving appointments to the IESG from among the nominees submitted by
the IETF nominations committee. The IAB also acts as a source of advice
and guidance to the Internet Society concerning technical, architectural,
procedural and policy matters pertaining to the Internet and its enabling
     The Internet Engineering Task Force (IETF) <http://www.ietf.org/> is the
principal body engaged in the development of new Internet standard
specifications. There is no formal membership in the IETF. It is open to
any interested person. The IETF is divided into eight functional areas:
Applications, Internet, IP: Next Generation, Network Management,
Operational Requirements, Routing, Security, Transport and User Services.

The IAB, IETF, and IESG are chartered by the Internet Society (ISOC), a
non-profit, non-governmental international organization that promotes and
maintains a broad spectrum of activities focusing on the Internet's
development, availability, standards and associated technologies.  Its
mission is to support and advocate reliability, stability and security
while supporting growth of the Internet in developing countries through
worldwide education programs.  Founded in 1991, it is based in Reston,
Virginia, and has chapters throughout the world.

The Wassenaar Arrangement has been established in order to contribute to
regional and international security and stability, by promoting transparency
and greater responsibility in transfers of conventional arms and dual-use
goods and technologies. Participating states seek to ensure that transfers
of these items do not contribute to the development, enhancement or support
of military capabilities. The U.S. is among 33 participating countries, and
each state retains sole responsibility to deny or approve transfers based
on national discretion.
Contact Information:

        Vint Cerf, chairman
        Phone: 703-715-7432
        Don Heath, president; or Marty Burack, executive director
Phone: 703-649-9888
Email: Don Heath <heath () isoc org>
Marty Burack <burack () isoc org>

Tom Gable or Rick Cook, The Gable Group
        Phone: 619-234-1300
        Email: Tom Gable <tomg () gablegroup com>
Rick Cook <rick () gablegroup com>

  By Date           By Thread  

Current thread:
  • IP: IAB/IESG on Wassenaar Dave Farber (Dec 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]