[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)

To: [email protected], [email protected], [email protected]
Subject: Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
From: Kent Crispin <[email protected]>
Date: Wed, 22 Oct 1997 17:48:48 -0700
In-Reply-To: <v0300780eb073f3f9431f@[168.161.105.141]>; from Declan McCullagh on Wed, Oct 22, 1997 at 02:23:29PM -0400
References: <v03007808b073c711fcb1@[204.254.22.221]> <[email protected]> <v03007804b073ab366f27@[204.254.22.221]> <v0310280db073ee3bc480@[207.226.3.4]> <v0300780eb073f3f9431f@[168.161.105.141]>
Sender: [email protected]

On Wed, Oct 22, 1997 at 02:23:29PM -0400, Declan McCullagh wrote:
> At 14:06 -0400 10/22/97, Jonah Seiger wrote:
> >While I suspect that new key recovery or CMR products may create some new
> >traction for supporters of mandatory GAK, PGP 5.5 is not the first example
> >of such a product (TIS has been marketing key recovery products for a
> >while).
> 
> Of course TIS has been doing this forever. But TIS, a shop staffed by
> former NSA spooks, is not the PGP that Phil Zimmermann founded. For PGP to
> release such a product changes the political dynamic in important ways.
> 
> >More importantly though, the Blaze et al study
> >(http://www.crypto.com/key_study) did not say that key recovery/key escrow
> >systems can't be built.
> 
> In fact it said: "Building the secure infrastructure of the breathtaking
> scale and complexity that would be required for such a scheme is beyond the
> experience and current competency of the field." Sounds like "can't be
> built" to me.

In that case, it is completely inaccurate to call PGP5.5 an existence 
proof.  In any case, the Blaze et al paper explicitely acknowledges 
that there is a "business case" for corporate level key recovery, and 
clearly distinguishes the LEA infrastructure model from more limited 
cases. 

> I agree that PGP 5.5 doesn't meet the FBI's demand for realtime access. But
> it can be used as a waving-around-on-the-House-floor prop to pass a law
> that requires mandatory key escrow.

They could wave around TIS's products (designed by noted cypherpunk
Carl Ellison, I believe), or NorTel's Entrust, just as well.  Hell, in
a few months they may be able to wave around Adam Backs CDR product,
which also facilitates GAK -- access to communications is worse than
access to data, by some measure, but the LEA's will certainly be
grateful to Adam for his legitimization of Key Escrow... 

-- 
Kent Crispin				"No reason to get excited",
[email protected]			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html

Follow-Ups:
- Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
  - From: Adam Back <[email protected]>

References:
- Re: puff pieces vs tough crypto issues (Re: Singapore TOILETALERT)
  - From: Declan McCullagh <[email protected]>
- puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
  - From: Adam Back <[email protected]>
- Singapore TOILET ALERT
  - From: Declan McCullagh <[email protected]>
- Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
  - From: Jonah Seiger <[email protected]>
- Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
  - From: Declan McCullagh <[email protected]>

Prev by Date: Re: Bill Gates, the Bully Savior
Next by Date: Re: PGP, Inc.--What were they thinking?
Prev by thread: Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
Next by thread: Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
Index(es):
- Date
- Thread