[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft & Key Escrow



At 9:49 PM -0600 12/4/96, Igor Chudov @ home wrote:
>this is unfortunate -- key escrow is a very good thing as long
>as it is not mandated by law.

Agreed, except that I would call voluntary, corporate plans "key recovery,"
not "key escrow." (The government now calls their non-voluntary system "key
recovery" as well, so the term is still overloaded.)

The concern many of us have had for several years (*) is that such schemes
are very dangerous, acting as a kind of "sword of Damocles" over our heads.
A widely-used, government-encouraged key recovery program, once deployed,
could too easily be made mandatory. Hence our interest in sabotaging or
subverting such schemes, to preserve additional degrees of freedom should a
ban be attempted.

And clearly even corporate key recovery schemes are not really designed to
be robust against willful attempts to subvert the recovery of plaintext.
The intention is to deal with forgetful employees, departed employees,
etc., not those who attempt to, for example, superencrypt their
communications.

Furthermore--and this has been noted many, many times--there are
essentially no plausible situations in which either _corporations_ or
_individuals_ would need or want key recovery for *communications*. After
all, individuals or employees within corporations have (possibly) encrypted
files on their disks, including outgoing and incoming e-mail. They use
communications cryptography--PGP, whatever--to guard against _interception_
by other corporations, other individuals, or governments (including their
own). For example, they encrypt using the public key of their recipient.

So, why would someone practicing such communications security care about
key recovery, for the communications? Only one word suffices here: "Duh."

On other hand, _governments_ are thwarted by such communications security,
and this is the real motivation for key recovery. Louis Freeh, Jim
Kallstrom, Dorothy Denning, and others have said as much.


>any reasonable employer concerned about secrecy and recoverability
>of his data should use key escrow solutions for their employees'
>encryption.


But certainly not for *communications security*. Corporations such as
Microsoft would do well, I think, to explicitly point this out and to make
clear that corporate key recovery products will be oriented toward key
recovery for files stored on corporate computers--which would presumably
include the originally-generated plaintext messages sent to other sites or
users--and not oriented toward mandating the forms the _communications_
must take.

Sadly, most journalists who write about crypto have failed to pick up on
this important point....I guess writing articles about the "death of the
Cypherpunks list" is more important (and keeps Vulis feeling good about
himself).

Oh well.

(* Just as the Cypherpunks list was being formed, circa October 1993, I
posted an article to sci.crypt about "A Trial Balloon to Ban Encryption?"
This was based on some views expressed by Prof. Dorothy Denning, who even
then, six months before Clipper, was making arguments for government access
to keys. I anticipated a government move to limit public key encryption,
using some form of key escrow. Sure enough....)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."