From: Carl Ellison <cme@tis.com>
Date: Wed, 27 Jul 94 13:36:58 PDT
To: tcmay@netcom.com
Subject: Re: Government-Controlled Trust Hierarchies
In-Reply-To: <199407271844.LAA14181@netcom10.netcom.com>
Message-ID: <9407272036.AA20598@tis.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: tcmay@netcom.com (Timothy C. May)
>Subject: Government-Controlled Trust Hierarchies 
>Date: Wed, 27 Jul 1994 11:44:13 -0700 (PDT)

>(* A note of confusion. I don't see how the schemes described by Matt
>Blaze, Carl Ellison, and others here, in which groups of communicants
>agree on a mutual escrow agent can work. For example, suppose a bunch
                                    ^^^^
>of say, "OK, we'll play your silly game. We'll use your software,
>but our "escrow agents" will be "cypherpunks.nil" and
>"bitbucket.void," both of which consign all incoming keys to oblivion.
>Whutja gonna do now?" This makes the escrow agents a charade, unless
>of course there are laws regulating escrow agents!)

What means "work" ?

If by this you mean "work to provide surveillance agents with citizens'
keys" then of course it doesn't.  Should that surprise you (that I would
talk about a system which doesn't give the TLAs any access)?

If I have 3 escrow agents -- Alice, Bob and Carol -- and they're friends of
mine in different parts of the country, don't know each other, ..., then
when I forget a password for some encrypted file, I can take the ID# of
that file (in its LEAF-equivalent) and send a request to each of my friends
for key pieces for that ID #.  I've achieved backup of my own encryption
keys against failure of my memory.  If there's data my survivors should
have, I list the escrow agents for that data in my will.  If there's data
which should die with me, I don't escrow its key(s).

(I had used Curve Encrypt the other month and forgotten the password --
went a whole month before I remembered it.  This isn't academic to me.)

To me, this works.

But don't let me dampen the inspection of SKE.  Just having the machinery
in place (as someone pointed out a day or two ago) makes it easier for the
gov't to come along and demand to be the escrow agents::  "Why burden your
friends with that duty?  Why concern yourself with how to get to your keys.
We'll keep them for you.  We'll be on-line 24 hours a day, seven days a
week.  We'll be true *escrow* sites -- keeping keys which you can get to
yourself.  Of course, we'll also be law-abiding citizens (officers of the
court?) and respond to any court orders.  So should your friends, by the
way, if you use them as escrow agents...."

:-(

The only real answer is (to me):

1.	demand free export of public-domain crypto (anything published:
	RSA, DES, IDEA, FEAL, transposition, substitution, Hill, Vernam,
	etc., and any combination of those)

2.	write good code (aimed at the naive user, with good Windows or
	Mac GUI) including strong crypto without gov't access to keys
	and sell it, share it or give it away.

3.	make sure that the Congress acknowledges that private citizens
	have invented, distributed and used strong crypto (as strong as
	the military of the time) for 4000 years (cf., Kahn) and hasn't
	given keys to the gov't -- and shouldn't ever do so.

4.	drive home the point (also cf. Kahn) that criminals have invented
	and used strong crypto in the past (hiring their own cryptographers)
	so that this is not a new danger and therefore doesn't need new
	drastic action.

 - Carl