[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stewart Baker on new crypto rules



From: "Michael Froomkin - U.Miami School of Law" <[email protected]>
> http://www.steptoe.com/oped.htm
>
> argues that industry won't accept any system that threatens to cut off
> backwards compatibility after 2 years, hence DES export liberalization
> will have to extend beyond the proposed period.

I take a slightly different moral.  Baker (former NSA attorney) writes:

> If buying key-recovery encryption means customers must give up all
> of their legacy encryption systems, key recovery products will carry a
> near-fatal burden in many markets where encryption is now used widely. The
> transition to key recovery will have to be gradual or it won't happen
> at all.

What I see this as is a call to come up with architectures that will allow
transparent phase-in of government key access (so-called "key recovery")
technology.  The current HP proposal fits in very well with this model.
The appear to be planning on using standard API's so that applications
will be able to switch to using key escrow software without changing the
applications themselves, just the OS.  Maybe there could be a transition
period where both the old and new crypto would both be accepted, then
after a period of time the old wouldn't work any more.

As Baker goes on to say:

> Three years ago, no one in the PC world would have bought an operating
> system that didn't run MS-DOS. Three years from now, we'll be happy to buy
> an operating system that is backward-compatible with Windows 95 but not
> with MS-DOS. And then, at last, we'll throw out all our old DOS programs.

This suggests to me that we need to be vigilant in watching for systems that
will allow for easy "drop in" of key escrow.

Hal