[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FCPUNX:PGP Key Escrow and Congress

To: [email protected]
Subject: Re: FCPUNX:PGP Key Escrow and Congress
From: Eli Brandt <[email protected]>
Date: Wed, 15 Oct 1997 14:10:54 -0400 (EDT)
In-Reply-To: <[email protected]> from "Bruce Schneier" at Oct 14, 97 10:15:07 am
Sender: [email protected]

Bruce Schneier wrote:
> From: "Barbara Simons" <[email protected]>
>
> Some of these are old arguments that we've been hearing for a while,
> but some are newer.  In particular, points 4 and 6 are difficult to
> refute without getting into some technical details.  Both points also
> undercut the argument that a key recovery infrastructure potentially
> weakens security.  After all, the NSA thinks it's secure enough that it
> can be used by the government.

Non-technical point: the NSA (reportedly) has no intention of using
GAK for classified information.  They know that it weakens security.

Do the privacy of the nation's data and the security of its
information infrastructure deserve the same consideration as the
Pentagon's "Confidential" memos?  When you're planning to build in a
single point of failure, this is a question you have to ask.

-- 
     Eli Brandt  |  [email protected]  |  http://www.cs.cmu.edu/~eli/

Follow-Ups:
- Re: FCPUNX:PGP Key Escrow and Congress
  - From: "William H. Geiger III" <[email protected]>
- Security flaws introduced by "other readers" in CMR
  - From: Tim May <[email protected]>

Prev by Date: Re: CVS: cvs.openbsd.org: ports
Next by Date: Re: Just say "No" to key recovery concerns...keep OpenPGP pure
Prev by thread: Trans World Specials e-mail confirmation
Next by thread: Re: FCPUNX:PGP Key Escrow and Congress
Index(es):
- Date
- Thread