Jim Clark spoke last November in favor of GAK
Here are Jim Clark's comments in favor of GAK. It should be
emphasized that since then, Netscape has officially clarified its
position against GAK, and that the actions of the company speak loudly
of their support of strong crypto. Nonetheless, these comments were
made for the record, so let the record show:
...
[Segue from a brief explanation of public key cryptography and
certification authorities]
So, this is a sophisticated enough system, but you run into a problem.
I mean, it all works perfectly. Assuming there's no compromises in the
basic... Assuming there's no holes in the operating system, or no
other ways of getting into the computer that's doing all this stuff,
then you've got a system that's bulletproof. That's the problem. The
government doesn't want it to be bulletproof. And the reason they
don't is they want to be able to get access in cases of where there's
national security issues or such, they want to be able to get access
to your private communications.
But you can break that into two parts. There's one area that they
don't care about. And that area is if you cannot possibly send an
encrypted message to someone... Let's take as an example, you're doing
a financial transaction. If that transaction can only... If that
communication can only be used to do a financial transaction, such as
move money from A to B, or doing a wire transfer of funds, the
government doesn't care about that. Uh, maybe they do, but the point
is that's not the kind of communication where you're going to possibly
say I'm going to blow up the World Trade Center, or some such thing.
That's where they're worried.
But this whole process leads to a set of questions about how you
protect this data encryption technology - how you make it usable in a
way that the government finds acceptable, and that you as the
individual or you as the corporation find acceptable. And I've been
thinking about this a lot. It's clear that this notion of issuing
someone a bulletproof key, that is, that create their own private key
where they can do any arbitrary communications via email to anywhere
in the world with no restrictions and no one can possibly eavesdrop.
It's clear to me that that is not going to happen. And the reason it
isn't is that the governments of the world aren't going to let it
happen.
So you might as well sort of accept that at some level the government
is going to be able to overhear or eavesdrop certain aspects of what
you do. But as I said, the financial aspects, pure financial
transactions, not general purpose electronic communications, but pure
financial transactions, they really don't care. That isn't what
they're trying to eavesdrop. They just want to be able to hear if
you're planning on doing some illegal activity.
And therefore this idea of key escrow comes up and that's what this
chart, this thing is about. Key escrow. For the government, you know
your private key, but also the government knows your private key.
(now, you can, and so) That's one way to do it. They can always know
your private key. You know, you've got a problem with your company
too. (but, you know) Most companies are trying to protect the
interests of the company and the shareholders, and that means that
companies, (I mean I know it, but) I'll bet every single one of your
companies has a mechanism to allow them to listen to your email or
your voicemail or look at some of that stuff at some point in history
because you might be doing something that compromises the interest of
that company, illegally.
So, even there, you need some mechanism to allow a corporation or the
government or someone to be able to get access when they absolutely
have to. That's the rub. When is, when do you absolutely need that
kind of access? We'd all like to think it's as rarely as possible, and
hopefully, never. But I think that these public key cryptosystems have
to accommodate that kind of need. They have to allow people in
governments to be able to access it.
(I, I mean) I just came back from Europe. And, you know, we're allowed
to export only the 40-bit version of our product into those countries.
Well, I can assure you that's not satisfactory from those (companies')
countries' point of view. Companies and the countries of Europe,
Germany, France, the UK, want to be able to have just as secure
communications as we can have inside our country. Because it's not to
do illicit things, it's to protect business secrets, so if they're
going to use the Internet for generalized communication they want to
be able to protect their generalized communication - against corporate
espionage. And that's a very, very valid requirement.
And so, I think we're taking the wrong solution if the way we're going
to protect information is just to make the keys easier to break, to
make the lock easier to break. We have to find a better way. That
means you need long keys, you need to have them be bulletproof, but
there needs to be some sort of access, and that's where the idea of
key escrow comes. But I think the key escrow idea is a little bit
wrong, because I think what you really need is the ability to... Think
of it this way; if I've got a lock, my key will open the lock. But I
may want to have another keyhole, where someone else's key will open
that lock as well. That other key might be the government's key. It
might be the key of my corporation if I'm doing corporate business.
(but) Or for example, you might have a health record, you know, a
medical record. You want to protect that. That's your private
information. But what happens when you're disabled, and there's an
emergency you need to get access to your health data, then there needs
to be a keyhole to allow people to open the lock in that case too.
So there's a kind of a different concept or a different mechanism -
multiple keys opening a lock, for example. There's one potential way,
and what we need is an electronic equivalent to that, I think these
things will come along very shortly.
You might also want to have unanimous, all keys have to be inserted
into the lock, kind of like the infamous red button that launches
missiles. The president and several other people have to have access
to it. This is the general concept, and I think that's what we're
going to have to have in a data security sense.
So, I have spent some time talking about the company Netscape, a
little bit about security in general...
Transcribed from:
DCI Email World and Internet Expo held in November 95 in Boston.
DC9523 session 100 - Security on the Net.
Tape is available from Conference Copy Inc.
http://www.confcopy.com/TAPES