[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is cryptoanarchy irreversible?



At 8:48 PM 11/7/1996, Timothy C. May wrote:
>At 7:20 PM -0800 11/7/96, Peter Hendrickson wrote:
>...
>> I cannot speak for the GAK advocates.  However, you could establish a
>> system where messages between two countries are encoded with keys
>> which are made available to only the two countries in question.
>>
>> A really simple scheme to do this would be for each country to publish
>> a public key.  You would be required to encrypt the key to the message
>> with the national public key.  That scheme would be fast to deploy.

> Well, this is not what the proposals for GAK involve. If it were _only_ a
> matter of each country requiring GAK for communicatons entering its
> country, then this would be as you describe (not that many of us would
> approve of it).

> What complicates matters is that the U.S. proposes that _it_ keep
> records/escrows of communications with, say, recipients in Libya. Or
> Russia, or Burma, or Tazbekinoya. This means automatically that simplistic
> models ("encrypt to the public key of Tazbekinoya" will not be sufficient).

The U.S. would have to concede this point, and it would be a likely one
for it to concede.  The reasonable Schelling point for inter-governmental
relationships on this matter is for the each government to have access
to whatever communications it likes within its borders but that the
contents of communications between governments is shared.  This could
be set up exactly the same way tax treaties are set up now.

Technically, this is not hard to do.  For instance, I think PGP encrypts
messages for multiple recipients by encrypting the same session key
with each recipient's public key, and then attaching the same IDEA
encrypted ciphertext:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<IDEA encrypted message>

All GAK requires is that you also encrypt the session key with the
government's key:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<Session Key with Eve's Public Key><IDEA encrypted message>

For multiple government access to keys, you encrypt the session key
with the foreign government's key, too:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<Session Key with Eve's Public Key><Session Key with Yvette's Public Key>
<IDEA encrypted message>

>> In a more complicated and secure scheme, you would be given a public key
>> from each country that was unique for your communications at the same
>> time you were granted your international communications license.  The
>> unique public key would be managed by a small group of people.  This
>> means that if it was ever compromised, most message traffic would be
>> secure and those who were responsible would be easy to find.
>>
>> The only way you are at the mercy of the Libyans is if you do business
>> in Libya.

> No, I think you are missing the point. The issue about Libya is that the
> GAK system must make decisions about when and under what conditions it
> accedes to government wishes--for governments we may be hostile toward.

> Or governments may be hostile toward us.

Yes, there is a problem with uncooperative foreign governments who
won't prosecute people who send in non-GAKed messages.  So, we simply
terminate communications with those countries.  It's something the
government wants to do anyway, so it's not a painful pill to swallow.

> As I said in another message, I don't think there can be a unified GAK
> policy. I believe the U.S. Administration hopes to browbeat enough nations
> into compliance such that it--the U.S. government--controls which keys are
> released and which are not. My point about "rogue" governments is that the
> problems of Burma, Libya, etc. will not vanish. Clearly the U.S. government
> will not settle for waiting for Libya or Burma to co-release keys....

The scheme I described above does not require co-release of keys.

It may be the case that the USG is trying to pull a cypherpunk maneuver
on other less sophisticated governments.  That is, they are probably
telling the other governments, "You've got a real problem here.  You
will be overthrown if you don't get our help fast with our sophisticated
encryption technology!  And if you don't let us help, you'll lose most
favored nation status."  By the time other policy makers figure out the
implications of this, it will be too late.  Sad for them, but good
news for the U.S. consumer.

> And nothing in GAK says one gets to communicate with Libyan parties by
> encrypting with the public key of Libya, thus bypassing the U.S. decryption
> capabilities!

Nothing stops you from sending fully encrypted messages to Libya except
your fear of social disgrace and a long prison term.

Peter Hendrickson
[email protected]