[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)




On Wed, Oct 22, 1997 at 02:23:29PM -0400, Declan McCullagh wrote:
> At 14:06 -0400 10/22/97, Jonah Seiger wrote:
> >While I suspect that new key recovery or CMR products may create some new
> >traction for supporters of mandatory GAK, PGP 5.5 is not the first example
> >of such a product (TIS has been marketing key recovery products for a
> >while).
> 
> Of course TIS has been doing this forever. But TIS, a shop staffed by
> former NSA spooks, is not the PGP that Phil Zimmermann founded. For PGP to
> release such a product changes the political dynamic in important ways.
> 
> >More importantly though, the Blaze et al study
> >(http://www.crypto.com/key_study) did not say that key recovery/key escrow
> >systems can't be built.
> 
> In fact it said: "Building the secure infrastructure of the breathtaking
> scale and complexity that would be required for such a scheme is beyond the
> experience and current competency of the field." Sounds like "can't be
> built" to me.

In that case, it is completely inaccurate to call PGP5.5 an existence 
proof.  In any case, the Blaze et al paper explicitely acknowledges 
that there is a "business case" for corporate level key recovery, and 
clearly distinguishes the LEA infrastructure model from more limited 
cases. 

> I agree that PGP 5.5 doesn't meet the FBI's demand for realtime access. But
> it can be used as a waving-around-on-the-House-floor prop to pass a law
> that requires mandatory key escrow.

They could wave around TIS's products (designed by noted cypherpunk
Carl Ellison, I believe), or NorTel's Entrust, just as well.  Hell, in
a few months they may be able to wave around Adam Backs CDR product,
which also facilitates GAK -- access to communications is worse than
access to data, by some measure, but the LEA's will certainly be
grateful to Adam for his legitimization of Key Escrow... 

-- 
Kent Crispin				"No reason to get excited",
[email protected]			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html