Re: Ship Code! Re: House Intelligence Committee Press Release

[Bill Frantz <frantz@netcom.com>]

At 12:18 AM -0700 9/13/97, Bill Stewart wrote:
>On the other hand, PGP 5.0 has a perfectly usable GAK feature,
>not that the Fedz would approve it.  It's the "Always encrypt to default key",
>which is primarily intended for keeping copies in a form you can read later,
>but would work just as well with the FBI key instead.

Making the FBI key an immediate target for (1) Distributed factoring; (2)
Stealing by hook, crook or bribery; or (3) Destruction of the coresponding
secret key by some cypherliberty nut. :-)  (1) and (2) would blow any
secrets encrypted with the system.  (3) would only stop GAK until new keys
could be rammed down people's throats.  My bet would be (2).  Aldrich Ames
wasn't the only spy in the world.  If the FBI is monitoring phone calls set
up with DH key agreement, they are going to need to access that secret key
quite frequently.  It will be very hard to protect it under those
circumstances.

An encrypt to FBI key system has some really serious vulnerabilities.  I
scares me to have our financial system, utilities, and airlines, to name
just a few vital civilian services, depend on a system with such an obvious
flaw.  There are people and organizations out there who would love to
disrupt these systems, and flawed encryption would give them a powerful
tool.


-------------------------------------------------------------------------
Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA