AW: Binding cryptography - a fraud!

[Eric Verheul <everheul@NGI.NL>]

>
>>The idea is that any third party, e.g., a network or service provider,
>>who has access to components 2, 3 and 4 (but not to any additional
>>secret information) can:
>>a. check whether the session keys in components 2 and 3 coincide;
>>b. not determine any information on the actual session key.
>>
>>In this way, fraud is easily detectible: a sender that attempts to
>>virtually address a session key to the TRP (component 3) that is
>>different from the real one he uses on the message (or just nonsense)
>>will be discovered by anyone checking the binding data. If such
>>checking happens regularly, fraud can be properly discouraged and
>>punished.

>
>I am at the same time dismayed and disgusted at the tendency of some 
people
>to want to "detect fraud" on the part of ordinary citizens, as this paper
>appears to want to do, but says _nothing_ about preventing fraud
>_by_government.  How is the average citizen to know if keys are being 
given
>out to government agents for valid reasons?

First of all, that (and the legitimacy of "wiretaps" in general) is 
something that should
be regulated in national law (including procedures, checks and balances, 
penalities). Maybe
you have the opinion that that is impossible to achieve, [or at least that 
making wiretapping
as such by government impossible is the only satisfactory way of doing it 
(-; ]. Our concept
assumes that it is possible and acceptable, although legislation (and 
especially appliance of
it) in some countries might be improved..

Second, the concept is flexible in the choice of Trusted Retrieval Parties; 
we have the opinion
that if you don't trust the existing TRPs then, hey, setup your own TRP. We 
believe that should be possible (and forsee serveral "privacy-protecting" 
organisations doing so). However, as you don't
want to have criminals setting up TRPs, some legislation on this point 
should be made...

Finally, as said in the announcement:
"In [VKT], we explain how we envision the framework in which the binding
concept could present a security tool in the information society."


>
>I am further enraged by the last portion of the paragraph above where he
>says, "fraud can be properly discouraged _and_punished_"  Why "punished"? 
>Why call it "fraud"?  Why should sending the "wrong" bits become a crime? 
>The US government, for example, has repeatedly claimed that key-escrow
>systems should be "voluntary."  Presumably, except for authoritarian and
>totalitarian countries, no other country should force their own citizens 
or
>others to use any sort of key-escrow/GAK system.

Wait a minute. It is a *voluntary* system, but it has some rules that 
apply. The whole
idea here is: if you don't like it, use your own system. "Fraude" refers to 
using the
system without sticking to its rules, maybe fraude has a wrong connotation.

>
>Maybe I'm biased:  I'm a libertarian who believes that sending the wrong
>bits shouldn't be considered a crime.  The problem we have is with the
Depends, it might be childrens pornography. The information society is 
*not* about
bits, but about information.

>politicians, NOT primarily the criminals.  Giving the government the 
ability
>to punish people merely for sending the wrong bits (absent some other, 
REAL
>crime) is an enormous step backward.  And if they're guilty of a real 
crime,
>why bother about the bits?
In a democratic country one needs evidence to convict someone.

>
>Even if I believed in GAK, which I don't, I don't think governments or
>anyone else should be able to determine whether the "correct" code is
>included with the data until and unless the government has a valid 
warrant,
Code is checked (on protocol compliance) by third parties all the time. 
They
should not get any wiser from it, that is the point.


>
>
>Jim Bell
>jimbell@pacifier.com
>
>

Thanks for the feedback, Eric Verheul