binding cryptography
liberal (Japan) to non-liberal (France). We believe that "binding
cryptography" is flexible enough to achieve this: a liberal crypto
policy might use no Trusted Retrieval Parties at all, while a very
non-liberal country might want one (government controlled) TRP, a
compliance check on all network traffic and a ban on other crypto.
I doubt that even French internet providers would want their routers
to perform six modulo exponentiations and four modulo divisions
whenever someone opens a secure socket...
We offered a solution for the *first* task not for the *second*; the
point is that criminals(!) do not gain any real advantage from using
the system in that way as they - among other things - still face the
key-management problem. The above discussions are only relevant in
countries where the use of crypto outside the structure would be
prohibited.
Of course, criminals do get real advantage from this system. They can
use strong encryption for their messages and super-encrypt them using
"binding" cryptography. So their illegal messages look perfectly
innocuous as long as their government trusts in the "binding" property
of this scheme. Only when the GAK key holder tries to decrypt a
message, they notice that they cannot read it.
Can you imagine that anyone would ever create a program that tries to
look like a conforming implementation, but generates invalid "binding"
data -- when it is so much easier to simply use PGP, and (if
necessary) disguise that fact using the government-approved encryption
software? I can't, so in my opinion the verification process is
absolutely useless. One might say, binding cryptography, like several
other cryptographic protocols, is a nice 'solution', but one with no
corresponding 'problem' in the real world. :) It doesn't help in
legitimate law enforcement, but it causes trouble to network operators
and it deprives law-abiding citizens of their privacy.
And criminals don't face "the key-management problem". In any GAK
scheme, the official keys can be used to certify other un-escrowed
encryption keys. Binding cryptography makes it just a little easier,
because there is no need to create any "illegal" key pairs. Everyone
can encrypt messages using the government-certified ElGamal keys,
and then repeat that process, this time including the data required
for government access.
that use of other systems will always be possible. Also, the above
discussions already showed that if such a system is voluntary, then
there are lots of ways to go around it.
Criminals will always find ways around these systems -- even if they are
mandatory. Just those who actually "have nothing to fear" will not
take the risk of using illegal encryption. So governments can wiretap
law-abiding citizens, but not criminals. What use is a system like
that?
--
one ring to rule them all, one ring to find them
one ring to bring them all and in the darkness bind them
in the land of mordor where the shadows lie.