[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sterilized medflies of crypto

>Message-Id: <[email protected]>
>To: [email protected] (Carl Ellison)
>Subject: Re: Sterilized medflies of crypto 
>Date: Sun, 01 Aug 93 22:07:21 -0600
>From: "L. Detweiler" <[email protected]>

>>By "milking the algorithm talk", I'm talking about getting everybody to look
>>at the algorithm which might easily be secure and ignore the weakness:
>>the registration of keys.
>>I don't care about the algorithm.  I care about registration.  That's what I
>>want to see people/press/citizens outraged about. 
>amen. Sorry you didn't elaborate on this on the list.

OK -- here's my replies for the list.

>The whole Key Escrow thing is totally ill conceived. It is clearly not
>the underlying point of the proposal. They don't name the entities.
>Denning comes up with some strange explanation of laptops in a vault
>shortly after the announcement. It is so transparent it is
>pathetic--but unfortunately the issue is largely framed as `who will be
>the agencies' in many places so far...

I believe key registration is the *whole point* of the Skipjack proposal.

This is the first time in the history of cryptography, as far as I can
tell, when a government has tried to interfere with the private citizenry's
ability to use strong cryptography -- and they're doing it strictly through
key registration.

However, being clever folks, they have added a strawman to the proposal.
They proposed an NSA-designed algorithm -- something people would fight in
such a way that the government could hopefully turn around and call the
opponents paranoid and get the public to believe the gov't, writing off the

Look back at the original announcement.

The gov't said, in effect, 'if you don't like to use NSA's algorithm, you're
free to design algorithms of your own provided they permit key escrow.'

Then they left that as a note -- an aside -- and proceeded to take on all
comers w.r.t. the Skipjack algorithm.

I say:  don't fight their strength, even if it's flawed.  It's a tar
baby at best.

We should fight the only thing which matters:  key registration.

What's important about key registration, to me, isn't the details.  It's
the philosophy.  This is the first time in the history of the world that
the government has laid any claim at all to a citizen's cryptographic

The government has never had a right to private keys.

The private crypto users have always had strong crypto.

The government should never have the right to private keys.

Private crypto users should always have strong crypto in the future.

 - Carl