[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: monkey-wrenching GAK



Tim May <[email protected]> writes on cpunks:
> Ray Arachellian <[email protected]> writes:
> >Another thing you can do: generate huge key pairs all day long and submit
> >them to the NSA.  If enough people do this, they will be flooded and
> >overworked [...]
>
> Ah, but what about the _fee_ for registering a key? You really didn't think
> this would be free, did you?

I agree.  With the aim of enforcing True Names, this might also get
tied to an internet drivers license (and your fingerprints (the
physical kind), social security number etc, much like car DLs (from
the other thread)).

> (Note: One of my biggest objections to GAK, besides the political/civil
> rights issue, is what it does to systems which generate lots and lots of
> keys on an ad hoc, continuing basis. 

Yeah, kind of wrecks all the current uses of forward secrecy, DH in IP
link level encryption; temporary RSA keys, and DH used by SSL, and so
on.

The fact that these things are currently in world wide use on a large
scale presents the US law enforcement with problems.  They'd need to
"unpublish", and recall a *lot* of software.  Some of the non-US folks
might not be so keen to do a GAK enabling downgrade.

Adam
--
exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)