
Another Analysis -- Re: NIST Draft Key Escrow Paper
Declan McCullagh and Gilmore have already provided a brief summary of the
doc, here are a few thoughts I sent to some others last night:

 - the meat is in the footnotes.
 - buzzword compliance: key recovery and Key Management Infrastructure (KMI).
 - intro: market forces and government/industry cooperation.

 - key bullet points:

     o Certificate authorities will operate within performance standards set by
       legislation.
     o Agreements between governments will serve as the basis for international
       cross certification.
     o Self-escrow will be permitted under specific circumstances. [1]

     [1] The escrow agency must meet performance requirements for law
         enforcement access.

- Denning's CACM survey key escrow article and Hoffman's "Building in Big
Brother" are cited.

- A lot of talk about "mutually trusted CAs." A footnote [4]: "A mutually
trusted authority is an escrow agent trusted by users to store keys and
trusted by law enforcement to provide access upon certification of lawful
authority." One has freedom to choose any CA, as long as the mutual trust
exists.

- At the international level "Law enforcement and some national security
concerns would be protected since government agencies would be able to
obtain escrowed key pursuant to government-to-government agreements."

- Products can be exported to countries with these agreements.

- Self escrow: "To avoid this risk [of investigations being compromised],
independent escrow authorities could be added as another layer. Such a
solution would drive up the cost to operate the PKI and drive down the
efficiency of conducting public key certification functions, particularly
for individual users." [Ok, so independent CAs are "bad" things.] "The
solution may be a national policy which allows CAs for an organization to be
escrow authorities if they can reliably turn over keys in a timely fashion
when requested and to protect the confidentiality of any request for
escrowed key. To this end, the government should seek legislation that would
shield organization certificate authorities from internal pressures in the
course of law enforcement investigations." [A "good" thing?]

- provisions for legislation on civil or criminal liability on the
commercial/private side.

- gives requirements for KMI: key integrity, key accessibility, key recovery
with respect to confidentiality, availability and responsiveness (24 hours)
requirements.

So Clipper III is a bit meaner and leaner. If Clipper I would have sunk
because of sheer clumsiness, a sleeker ship carrying the same load will now
be developed by the free market. The load is the assumption that citizens
can be "compelled in any criminal case to be a witness against himself."

_______________________
Regards,            We could never learn to be brave and patient, 
                    if there were only joy in the world. -Helen Keller
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
[email protected]      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E