Re: HP announcement
Greg wrote:

> Sounds to me like they want to be able to turn off strong crypto the way
> they can turn off high-detail GPS during politically/militarily sensitive
> events. 

That's my analysis as well. That, and we will see crypto strength based on
the application. Credit card numbers get 3DES, email gets 40-bit RC4.

[...]
> Users
> can decide whether to use key recovery, based on personal needs or domestic
> -- or foreign -- government regulations. 

The decision of which type of crypto to use is not solely up to the
user. If it were, a non-US user could just decide to turn on strong
crypto. The Policy Token must therefore contain a field indicating GAK is
"optional" or "mandatory".

What does this mean? Policy tickets are served from central Policy
Servers. Foreigners only get servers that will turn GAK on by default. US
users get servers, run by an unspecified agency, that will initially send
tickets with a "GAK optional" value. This value can be changed to "GAK
mandatory" in times of national emergencies, suspected terrorist
activities, suspicious behavior, you know the drill.

Flip a central switch, and all crypto goes from "non-GAK" to "GAK". Which of 
course makes it GAK from the outset.

--Lucky