[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Attacking GAK--team effort assembling

I spoke to the dangers of this kind of effort at our meeting on Saturday.
After some excerpts, I'll explain just why I think this kind of "help" is
so dangerous.

At 12:59 PM -0700 9/15/97, Michael Wilson wrote:
>Given that the U.S. and E.U. governments seem to be moving toward a
>policy of key escrow/recovery, 7Pillars Partners is starting a team
>effort to demonstrate the practical problems in implementing such a
>system.  The plan is to have the team block out the probable design
>of the infrastructure, with as many of the options available outlined
>and discussed (e.g., 'escrow' itself--will a copy of the secret key
>need to be sent to the escrow agent, will it be created by the agent
>and assigned to the device, will the method be the use of two receiver
>keys (one packet to the intended party, one to the escrow agent), will
>the method be to implement a 'back door' into the cryptosystem itself),
>and then a thorough expansion on all possible methods of attack on the
>various elements of the infrastructure (denial, flooding, espionage,

First, it is very unlikely that finding theoretical weaknesses in a
confabulated scenario will be at all convincing to the supporters of GAK.
For several reasons. Theoretical "what if" scenarios tend not be be
convincing to anyone, and are easily dismissed.

Second, in contrast to the Clipper/Tessera thing, which was pretty
exhaustively mapped out (with the LEAF stuff, the Mykotronx implementation,
the plans for a mechanism to release keys, etc.), the latest GAK plan is
vague and insubstantial. Essentially nothing has come out on how it might
work. This makes speculation about weaknesses almost pointless.

Third, the *danger* is that industry and consultants will work so hard to
find flaws that they essentially _do some of the work_ in helping to build
a semi-viable GAK system!

One is reminded of the joke about the engineer being guillotined. The blade
won't fall. So the engineer looks up, thinks a moment, and says "I think I
see the problem...."

>The intent of this project is two-fold: it will provide a practical
>guide that I hope will demonstrate that any key escrow/recovery system
>and infrastructure, no matter how secure/safe, will fall to attack; if
>such a system does end up being implemented and come into operation,
>the analysis will serve as a first-approximation guide for resistance.

You're assuming what you're trying to prove. This does not bode well for
your "study" being taken seriously by GAK supporters. If I were Louis Freeh
or Diane Feinstein, I'd merely point to these words.

And GAK might actually work. This would still not be a reason to support
it, just as a "ban on typewriters" actually most worked (in terms of State
objectives) in the U.S.S.R., and just as a ban on Internet access in China
is even now "working."

The attack on GAK should mostly be on civil liberties grounds, and only
secondarily on risks (to commerce, to privacy, to national security). And
then only tertiarily on how efficient and workable it is.

>We could use a solid outside cryptographer, as well as an attorney
>to work through the probable legal elements involved in the system.
>Interest in being on the team should be indicated to:
>Michael Wilson, [email protected] or [email protected]

Well, a meta-issue is that the several communities already critiquing
facets of this plan (such as Cypherpunks, Cyberia-l, Fight Censorship, CDT,
Americans for a Secure Tomorrow, EPIC, Privacy International, the ACLU,
etc.) are likelier to come up with far more attacks, criticisms, etc., than
is a small effort like "7 Pillars" could possibly mount.

Granted, the set of comments already rolling in, and expected over the next
year, from these groups is "informal." But there is no "formal" GAK system
in place. We don't have the foggiest if the GAK is to involve something so
simple as requiring spare keys be escrowed, or some variant of the LEAF
thing, or some multiparty key sharing strategy, or even aptical foddering
of the keys. We just don't know.

I'm not trying to undermine the efforts of "7 Pillars." I just don't see
the point, and I see some serious dangers if such an effort helped the
government to shape a more "efficient" approach!

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."