Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)

[Declan McCullagh <declan@well.com>]

At 14:06 -0400 10/22/97, Jonah Seiger wrote:
>While I suspect that new key recovery or CMR products may create some new
>traction for supporters of mandatory GAK, PGP 5.5 is not the first example
>of such a product (TIS has been marketing key recovery products for a
>while).

Of course TIS has been doing this forever. But TIS, a shop staffed by
former NSA spooks, is not the PGP that Phil Zimmermann founded. For PGP to
release such a product changes the political dynamic in important ways.

>More importantly though, the Blaze et al study
>(http://www.crypto.com/key_study) did not say that key recovery/key escrow
>systems can't be built.

In fact it said: "Building the secure infrastructure of the breathtaking
scale and complexity that would be required for such a scheme is beyond the
experience and current competency of the field." Sounds like "can't be
built" to me.

>So far, Soloman, the FBI, nor other mandatory GAK supporters have said that
>PGP 5.5 or other key recovery products on the market today solve their
>so-called 'problems'.  I don't really expect them to. They seem to want
>much much more.

I agree that PGP 5.5 doesn't meet the FBI's demand for realtime access. But
it can be used as a waving-around-on-the-House-floor prop to pass a law
that requires mandatory key escrow.

-Declan