1994-07-26 - Re: New Threat on the Horizon: Software Key Escrow

Header Data

From: Matt Blaze <mab@research.att.com>
To: cypherpunks@toad.com
Message Hash: e2c2b7a9b7bcfca967191a6fab4811269ef01f54ae484df4e9bfde57be4875b7
Message ID: <9407262040.AA25807@big.info.att.com>
Reply To: N/A
UTC Datetime: 1994-07-26 20:53:29 UTC
Raw Date: Tue, 26 Jul 94 13:53:29 PDT

Raw message

From: Matt Blaze <mab@research.att.com>
Date: Tue, 26 Jul 94 13:53:29 PDT
To: cypherpunks@toad.com
Subject: Re: New Threat on the Horizon: Software Key Escrow
Message-ID: <9407262040.AA25807@big.info.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
>Diffie described in some detail a software-based scheme developed by
>NIST (and Dorothy Denning, if I recall correctly) that, as I recall
>the details, avoids public key methods. Perhaps this was also

If it's the same scheme that I'm thinking of (that Dorothy Denning
presented at the Karlshrue workshop), it was developed by Stephen
Walker and David Balenson of Trusted Information Systems, in
cooperation with NIST.

It's a cute scheme - it doesn't involve secret hardware or algorithms, but
does involve public key cryptography, roughly in place of the clipper
unit and family keys.  You can thwart the system with cooperation at both
ends, but you can't interoperate with legal users; in this sense it's
more robust against abuse than the Clipper hardware-based system

The basic idea is that each user gets a unique public key from the
government, which is used to encrypt the session key.  You encrypt the
session key with this key and send both it and the certified public key
to the reciever, who verifies the signature to confirm that it really was
issued by the government.  Now the receiver also encrypts the session key
and compares the result with what you sent, refusing to operate if they
don't match.

Of course, two parties can cheat by patching their verification routines.
But it's very hard to interoperate with non-rogues.

-matt





Thread