Re: SynData/Schneier Attack Network Associates

[Wesley Griffin <wgriffin@enslaved.student.umd.edu>]

> At 11:42 AM 12/5/97 -0500, you wrote:
> > "The government's key recovery program is a complete violation of the
> > individual's right to privacy and, in fact, compromises of the system are 
> > already taking place. This shows that key escrow is an untenable policy," 
> > said Bruce Schneier, one of the world's leading authorities on encryption 
> > and author of the book "Applied Cryptography". "SynData is paving the
> > way for other software developers by taking a stand in opposition to the 
> > government and companies like Network Associates." 
> 
> 
> By "companies like Network Associates", do you mean "companies who are
> members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are
> the "companies like Network Associates", in that regard:  [Note RSA is a
> Charter Member]

This statement is seriously confusing Key Recovery and Key Escrow.  They are 
NOT the same thing.  Everybody knows what Key *Escrow* is and that it sucks.  
Key Recovery is *very* different in that are no databases kept of private keys.
The website you mentioned (http://www.kra.org) contains some very good info on 
how Key Recovery works.  I would like to see the source of Schneier's quote 
also, because I can't believe he could get the two confused.

Wes Griffin
wgriffin@glue.umd.edu