[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How I Would Ban Strong Crypto in the U.S.



At 6:58 AM -0700 7/15/96, Raph Levien wrote:

>2. The battle for key management has not yet been fought. The lack of a
>key management infrastructure is the main reason why people don't use
>PGP widely. This is demonstrated quite clearly by the fact that only a
>few of the people I correspond with, including many premail users,
>actually encrypt messages on a routine basis. If the key management
>stuff were in place, it would "just work."

It is about to be fought. I've got my money not on the government but on
Verisign, which has been issuing site certificates for some time now, and
just started issuing personal certificates which will permit message
encryption using certified, Netscape-generated public keys, among other
things. I think they and the free market will win, over the government,
hands down.

In that context (and in that context only), a lot of the heat from  PGP
fans against heirarchical certification is counter-productive to the above
battle, in that it diffuses the crispness with which successful secure (BBN
boxes, etc.) trusted heirarchical certification authorities will become the
de facto standard and freeze the government out (absent some new draconian
laws).

>
>3. Anybody can write an application that supports strong encryption
>algorithms. Witness SSH, a very impressive and useful program, which was
>basically done by one person, Tatu Ylonen. However, building a key
>management infrastructure will take lots of money, hard work, and
>cooperation.

Verisign and RSA have already made the investment and the mechanism is now
in place and working automatically (except for the higher assurance
certification for which you need to appear before a notary if you're not in
a corporate heirarchy). They've cleverly automated a validation of
moderate-assurance certificate applicants' claims by automatically hitting
the Equifax data base, and the low-assurance (persona) certification is
automated so you need to "just ask". This won't cover everyone, but will
cover so many as to make little difference to widespread acceptance.

>
>3a. Consider a future scenario in which a key management infrastructure
>allowed big, unescrowed keys to be distributed widely, but that export
>controls on clients prohibited the use of secure symmetric algorithms.
>Such a situation would not be stable - the incremental cost of
>uncrippled clients would be so small, and so tempting, that they would
>spread like wildfire.

Depends on the organizations. Big corporations (which carry considerable
influence) aren't going to violate local laws. Thus we may see a "have" and
"have not" escrow-less crypto world outside the US rather than the
hoped-for-nirvana, depending on local laws and individuals' willingness to
violate them.

>
>4. Thus, the best leverage for the TLAs to win is to guide the
>development of a key management infrastructure with the following
>property: if you don't register your key, you can't play. I believe that
>this is the true meaning of the word "voluntary:" you're free to make
>the choice not to participate.

That is exactly what the NRC report recommended and why I opposed it so
vigorously despite its other good features.

>
>5. This is _important_. If you can't get the keys for your
>correspondents, you can't use encryption. If they build a key management
>infrastructure that actually works, people will use it.
>

>6. Export is a two player game. The other country has to allow import of
>the stuff, too. If the Burns bill passes, the "administration" would
>strong-arm other countries to prohibit import of strong crypto, still
>leaving US developers with no market.

We don't have to strong-arm anyone. Harbingers in the UK, the European
Parliament (or is it the Council?), the Netherlands, and the existing
situation in France provide little reason for optimism.

>
>7. Building this stuff is too much of a task for the TLAs. They tried it
>with Clipper, and it failed. They hoped that building the Tessera card
>would be enough - that once they threw it over the wall, it would be
>eagerly snapped up by industry.

Remains to be seen. Netscape has a version they did for the government
which uses Tessera PCMCIA cards. If some big corporation adopts it, others
will follow. Don't count your chickens, etc.

>
>8. Thus, they're going to cajole, bribe, and coerce software companies
>to play along. This fact is quite nakedly exposed in the document (good
>thing the injunction against the CDA is still in force :-).

They don't have to do any of the above. All they have to do is legitimately
contract for their own needs. This will get the costs down (by paying off
the costs of entry/capital costs) so that civilian offerings from the same
technology base could be quite price-attractive. The use of government
market purchasing power to influence events is now very well understood--we
(and Arthur D. Little) first studied it in connection with stimulating
energy conserving buildings back in 1970 when I was in the Department of
Commerce.

> But, most
>importantly, neither of these systems can actually be used on a
>widespread basis, because of the lack of a key management
>infrastructure.

You will find it instructive to check out the Verisign web site, download
the public beta 5 of Netscape 3.0, generate some keys and get some
certificates, and in two or three months check out the promised Netscape
4.0 beta which will have e-mail encryption.

David