[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gack vs. key escrow vs. key recovery

To: [email protected] (Vladimir Z. Nuri)
Subject: Re: gack vs. key escrow vs. key recovery
From: Eric Murray <[email protected]>
Date: Thu, 3 Oct 1996 18:53:17 -0700 (PDT)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from "Vladimir Z. Nuri" at Oct 3, 96 05:33:34 pm
Sender: [email protected]

Vladimir Z. Nuri writes:
> 
> cpunks, a note about recent developments in "key recovery" initiative.

[...]

> is the government always going to be your 
> enemy, no matter what they do?

It seems to be bent on doing so.

> I have posted here before that many companies find the concept
> of "key recovery" highly acceptable and even desirable. the 
> basic question is, what does this mean to wiretapping and 
> search warrants and subpoenas?

They get served, and the keys are produced.  Same with personal
crypto- if I'm in court and some encryped file that I have the 
key for is demanded as evidence, I provide the key or get
hit with contempt of court, my choice.
No one is arguing about that.  The objections to Clipper III are:

1. built-in wiretapping. Clipper III requires that subjects of
"key recovery" wiretaps are not notified of the government's
"recovery" of their keys.  While this _is_ analagous to phone
wiretaps, it is not of anything else.  The cops have to serve
you a warrant, not sneak in and read the papers in your desk.
Why should encrypted files be different?

2. Coercion.  I don't see anything wrong with key escrow
(original meaning, not GAK).  I think it's useful for business.
Required for some.  It's being coerced to implement it that is
distasteful.  If you think that Clipper III isn't coercion, you're
wrong- note that the licenses to export GAKware are reviewed every 6 months
and expire after 2 years if GAK isn't in place.  That's a clear
"you're on our side or your not" from the government.  Having
the possibility of your product suddenly becoming worthless
every 6 months will keep companies in line.

3.  It's still too weak. 56 bit DES isn't enough- it can very probably be
cracked in < 12 seconds by the NSA.  If not real time.

4.  It's the camel's nose in the tent.  First "key recovery"
then full GAK then penalties/jail time for for "terrorists"
or "gang members" who use unGAKd crypto.

-- 
Eric Murray  [email protected]  [email protected]  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

Follow-Ups:
- Re: gack vs. key escrow vs. key recovery
  - From: Dale Thorn <[email protected]>

References:
- gack vs. key escrow vs. key recovery
  - From: "Vladimir Z. Nuri" <[email protected]>

Prev by Date: Re: Margaret Milner Richardson loses her breakfast...
Next by Date: Lack of reporting on CALEA and Encryption issues ...
Prev by thread: gack vs. key escrow vs. key recovery
Next by thread: Re: gack vs. key escrow vs. key recovery
Index(es):
- Date
- Thread