Re: gack vs. key escrow vs. key recovery
Vladimir Z. Nuri writes:
>
> cpunks, a note about recent developments in "key recovery" initiative.
[...]
> is the government always going to be your
> enemy, no matter what they do?
It seems to be bent on doing so.
> I have posted here before that many companies find the concept
> of "key recovery" highly acceptable and even desirable. the
> basic question is, what does this mean to wiretapping and
> search warrants and subpoenas?
They get served, and the keys are produced. Same with personal
crypto- if I'm in court and some encrypted file that I have the
key for is demanded as evidence, I provide the key or get
hit with contempt of court, my choice.
No one is arguing about that. The objections to Clipper III are:
1. built-in wiretapping. Clipper III requires that subjects of
"key recovery" wiretaps are not notified of the government's
"recovery" of their keys. While this _is_ analogous to phone
wiretaps, it is not of anything else. The cops have to serve
you a warrant, not sneak in and read the papers in your desk.
Why should encrypted files be different?
2. Coercion. I don't see anything wrong with key escrow
(original meaning, not GAK). I think it's useful for business.
Required for some. It's being coerced to implement it that is
distasteful. If you think that Clipper III isn't coercion, you're
wrong- note that the licenses to export GAKware are reviewed every 6 months
and expire after 2 years if GAK isn't in place. That's a clear
"you're on our side or you're not" from the government. Having
the possibility of your product suddenly becoming worthless
every 6 months will keep companies in line.
3. It's still too weak. 56 bit DES isn't enough- it can very probably be
cracked in < 12 seconds by the NSA. If not real time.
4. It's the camel's nose in the tent. First "key recovery"
then full GAK then penalties/jail time for "terrorists"
or "gang members" who use unGAKd crypto.
--
Eric Murray [email protected] [email protected] http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF