[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Binding cryptography - a fraud-detectible alternative to key-esc



I haven't seen the technical papers behind the postings you've made
to the net, but the overall approach sounds very similar to "Clipper II",
the Software Key Encryption work that the TIS people (Steve Walker?) and
Dorothy Denning were touting a year or so ago.  It wasn't in your references,
and it's clearly close enough to be worth your attention.  The design was
interesting -
it chose a set of public and symmetric key encryption that allows the recipient
to validate the sessionkey-encrypted-to-key-copy-holder*.

A not-highly-technical description of the TIS CKE Commercial Key Escrow
system is at http://www.tis.com/docs/products/cke/present.html,
particularly present9b.html.  It's worth reading for the appalling graphics
alone :-)  I don't seem to have a copy of the technical description anywhere.
<IMG href="http://www.tis.com/docs/products/cke/pres7a.gif">

A major capability that was missing from Walker's SKE work is the ability
to split the copied* key into two or more parts, all of which are need to
recover the session key, while making it possible to validate that the
pieces do add up to the session key.  (This was also missing from the Clipper
chip in hardware, which pretended to do it in the master key setting process.) 
Can you extend the approaches you're using to allow an outside party,
or at least the recipient, to validate that the two parts of the copied key
contain the complete session key? 


[* I'm using the terms "copied key" and "Key copy holder" to refer to the
copy of the key that you're giving to some third party and the third party.
The term "escrow" is generally not applicable to the applications that
transmit a copy of the key to some third party, and the technologies
involved don't specify, communicate, or enforce conditions for access.
TIS's CKE does at least cart around a 32-bit user-defined string for specifying
recovery conditions, but there's not technical enforcement.  ]

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.