[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Analysis of proposed UK ban on use of non-escrowed crypto.



On Thu, 27 Mar 1997, Kent Crispin wrote:

> > 	The PGP web of trust idea is more than sufficient.
> 
> No, it is completely inadequate.  I am the office-supply manager the 
> San Francisco branch of Big Well-known Company,  Inc.  I have 
> signature authority in the company for purchases up to $5000, 
> otherwise I have to get higher-up approval.  I have a "company 
> signature" which is authorized for that amount, one of about 800 such 
> signatures.  I wish to purchase office supplies from a large office 
> supply wholesaler in New York, which has literally tens of thousands 
> of customers.  The "web of trust" model simply does not handle this 
> kind of situation well.  I realize that some of the keyservers are 
> very high performance -- that's not the problem.  The problem is the 
> structure of the web itself.  If there were some trusted *authority* that 
> could sign keys...

Sure there is.  The HR department of Big Well-known Company, Inc. can 
sign the employee's keys.  What's the problem?  If you want to order 
something you do so by generating a P.O. or by using a credit card.  What 
does the web of trust have to do with this?

If you need approval, it's simple, you ask for it.  When you get it, you 
order your 10,000 pencil erasers.  You don't have to use PGP signatures 
for orders, but you can if the infrastructure is there between both 
companies.
 
> >	If you
> > 	want, you can designate a third party as a trusted
> > 	authority.  However, this is not needed if you meet
> > 	the person with whom you will communicate in person
> > 	and exchange public keys.  Further this trusted
> > 	authority needn't be a government entity thank you.
> > 	This could easily be your lawyer, Verisign or some
> > 	other entity.
> 
> This is no longer a web of trust model, it is a Certificate Authority 
> model.  Certificate authority standards are developing at warp speed.

No shit.  Both are possible.  Whichever your company wants it will use.

> > 	The only legal support needed for digital signatures
> > 	is for the courts to recognize that digital signatures
> > 	are equivalent to their analog counterparts.
> 
> The *only* legal support?  This is a *big* deal, and the issues are 
> very complicated.  Handwritten signatures and digital signatures are 
> really quite different.

I claimeth not lawyerhood, but IMHO, it can stand up in court if both 
parties agree to it by analog signatures infront of a notray.  Any 
lawyers care to comment?

> >	This could
> > 	be binding if the two parties sign something that says
> > 	"If I use PGP to sign a document I agree to allow that
> > 	document to be treated as if I signed it." (IMHO)
> 
> Sure.  It's been done, in fact.  However, pairwise contracts with
> everyone you do business with is not going to cut it.  You need laws
> for this. 

Not if it is agreed by all parties involved and their lawyers to honor 
such signatures. (IMHO)

> [...]
> > 
> > > 	4) Businesses, especially large businesses, will (and do)
> > > 	want common standards for key and DS management.
> > 
> > 	Yeah, and they also want standards for software.  I.e.
> > 	Word Perfect Office versus Microsoft Office. Lotus
> > 	Notes Domino versus Netscape Enterprise server.  However
> > 	neither of these examples show a need for government
> > 	entities.  They can easily say "We use PGP as our
> > 	signing standard, and our notary will be shown
> > 	a person driver license and will sign a printed email
> > 	with that person's key for proof."	
> 
> This is pair-wise contracting again.  Note, incidentally, that 
> standards concerning signatures are of a different order than 
> standards concerning office software.  There far more pressing 
> liability issues with digital signature.

Really? you must not have been gotten infected by the slew of Word and 
Excel viruses out there.  Might be a very good lawsuit against Micro$oft 
that they allowed such things to happen.

Standards for a company are standards for a company.  Which standard has 
more weight or importance is up to that company.  Sure, it is on a bigger 
scale that installing XYZ OfficeWare and getting your ass fired, but it 
is still a standard.

Is there any reason that a specific company CAN'T decide to use PGP? (or 
PEM, or some other scheme) if it so choses?

> > > 	9) There is a high probability that a widespread standard
> > > 	for enterprise level key management including key escrow
> > > 	will develop in the next few years.
> > 
> > 	Why jump to key escrow all of a sudden?  You see, a 
> > 	corporation can escrow its own keys in a fire proof
> > 	safe off site.  Why use a government agency where any
> > 	two bit crooked employee can access the keys of that
> > 	corporation?
> 
> I didn't say "government agency".  I said "Enterprise level".  A
> fireproof safe offsite is indeed a crude form of enterprise level key
> escrow.  But it's not really very useful.  Imagine a company with 
> several thousand employees, with each employee having a company 
> signature key.  You use your key for all kinds of mundane things -- 
> signing your time sheet, signing purchase orders, signing memos, 
> etc.  (This is not one of your personal keys that you use when you 
> send email to your lover.)  You have a turnover of several people a 
> month, people forgetting passphrases, people invalidating keys 
> because of a passphrase compromise, etc.  These are company signature 
> keys, also used for encrypting email, so the company escrows all the 
> secret halves of the keypairs.  (There is no privacy issue here -- 
> these are all company keys used for company business, all the 
> encrypted documents are company documents.)

So what's the problem?  You hire people to keep track of assigning, 
escrowing, and signing keys for your employees.  You have IS staff and 
security staff to watch for breeches.  You can automate tons of this with 
good written scripts that automatically scan all email for valid 
signatures and raise alarms when signatures don't match.

Where is this not useful?  For a small company a locked safe is plenty.  
For a large company, you hire HR/Security folks to be your "Key Agents" 
or whatever.

 
> In this scenario there is daily access to the key escrow system.  A 
> fireproof safe offsite is not the most convenient way to deal with 
> the problem, and so the company will buy a software solution -- a 
> nice, cryptographically secure, software solution.  (This is 
> obviously not a hard problem -- any cypherpunk should be able to 
> design such a system.)

Yeah, ditto.  We agree on this.  We also would want something sent 
offsite incase of nuke, flood, fire, or mass suicide. :-)  (sorry had to 
throw in a Heaven's Gate ref somewhere.)

> > > 	10) This will converge with legal developments motivated by
> > > 	Digital Signature and support for electronic commerce, so that
> > > 	the standards will actually be government standards with at
> > > 	least partial force of law.
> > 
> > 	Why do commercial standards need be the same as those 
> > 	dictated by govermental standards? 
> 
> Many commercial "standards" are legal standards, supplied by the
> government.  In fact, the whole legal infrastructure of business law
> is really, when you get right down to it, a set of legally mandated
> standards.  Standards are all over the map, when it comes to legal 
> status.

Because there are laws that force such standards on the company.  So far 
are there any laws that say you can't use anything but DSA? (Or Clipper, 
or whatever NSA backed scheme d'jour is being pushed?)  If there were 
such laws in progress, they would be fought. :)

> >	Why does there need
> > 	to be a law that says "All businesses MUST use clipper
> > 	(or whatever) and escrow keys with the FBI/CIA/etc.?"
> 
> There doesn't need to be such a law.  

So we agree. :)

> [...]
> > 	Sure, hence the old "When encryption is outlawed only outlaws will
> > 	encrypt" slogan.  Why do we need laws to state what a company is
> > 	allowed to encrypt or not encrypt?  And why must those state
> > 	what cypher, bit lengths, and methods they must use?  And that they
> > 	must be escrowed in a certain way?
> 
> How about a law that stated that all RSA keys used for digital 
> signature must be at least 4096 bits in length before they will be 
> accepted as legally binding?  Would that be a good law or a bad law?

It would be cool by me to impose a minimum provided that the current state of
hardware could process such keys without too much of a delay factor, but not
a maximum.  If I am sick enough to want a 16384 bit RSA key, why force me to
use something lesser?

But within a company, were I insistent enough for whatever reason to use 
384 bit RSA keys, as weak as they are and that was my company's policy I 
should be able to allow it.  (Just as employers can read email if you 
expect that you have no privacy on the company email system.)

> > 	Where I work, we keep in "escrow" a key database (on index cards)
> > 	with all the passwords for all the machines.  Also in that fire
> > 	proof safe live all the backups.  
> 
> Funny, we do exactly the same thing.  Except once a year or so 
> complete backups are carted off to the desert, and stored 
> forever. 

Ours is a bit more paranoid.  We offsite a tape on the 15th and last day 
of every month.  Every few months we burn a pair of CD's of the important 
stuff, keep one in the local safe, one offsite.

> > Yeah, and likely you should change your underwear since it is soaked in 
> > it. :)
> 
> Over the years I've developed an asbestos butt.

It helps (looking at my own flame resistant shorts...)

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|[email protected]|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================
  For with those which eternal lie, with strange eons even death may die.