[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] PECSENC denkt ueber Beschraenkungen bei SmartCards nach
- To: debate@fitug.de
- Subject: [FYI] PECSENC denkt ueber Beschraenkungen bei SmartCards nach
- From: Horns@t-online.de (Axel H. Horns)
- Date: Sat, 15 May 1999 10:52:15 +0100
- Comment: This message comes from the debate mailing list.
- Organization: Private Site
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
[Das President's Export Council Subcommittee on Encryption (PECSENC)
des U.S.-Praesidenten hat gestern, am 14. Mai 199 in oeffentlicher
Sitzung getagt. Einige Papiere dazu sind jetzt auch on-line
verfuegbar. Einer der interessanten Aspekte scheint offenbar auch zu
sein, dass man in den USA ueber regulatorische Zugriffe auf die
SmartCard-Industrie nachdenkt, da die Crypto-Faehigkeiten auf
Chipkarten einigen leuten unheimlich werden. -AHH]
http://jya.com/pecsenc051499.htm
-------------------------------- CUT --------------------------------
[...]
[Attachment 3]
SMART CARDS
INTRODUCTION
The nature of computing changes day by day. one of the more obvious
changes has come in the size of what can be called a computer. No
where is this more evident than in the smart card technologies.
[...]
In this environment the issues include:
1. What would cause the DOC/BXA to want to regulate smart cards?
2. What would be the objectives of such regulation?
3. What would be the market impacts of those objectives?
4. What would be the risks to current encryption export policies
of not regulating smart cards?
5. What would be the risks to current encryption export policies
of regulating smart cards?
6. Would export controls be imposed based on the architecture of
the IC; i.e., cryptographic co-processor?
7. Are smart cards covered by the personal use exceptions?
8. Would smart cards used to transport encryption keys be
exempted?
9. Is it necessary to regulate smart cards, because the
cryptographic keys are likely recoverable using timing attacks,
differential power analysis, static power analysis, or other
physical attacks?
10. Would the IC or the software on the card to be regulated?
Both?
11. If smart cards are to be controlled are current policies
sufficient to regulate smart cards?
12. How would such regulations be implemented?
13. Most smart card applications use cryptography for
authentication. What would be required to document that those
applications could not be converted to alternative use
applications such as confidentiality?
14. Who would be responsible for compliance, the application
owner or the cardholder?
[...]
-------------------------------- CUT --------------------------------