From: Hal <hfinney@shell.portal.com>
Date: Wed, 5 Oct 94 08:37:29 PDT
To: cypherpunks@toad.com
Subject: Re: Referrences to SKE and GAK
In-Reply-To: <9410051404.AA11905@tis.com>
Message-ID: <199410051537.IAA12218@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Carl for an interesting essay on key escrow.

What is being escrowed in the SKE proposals?  Is it the session key?
What is the advantage to the user of broadcasting a session key encrypted
to an escrow agent?  That does not sound like a spare key in the wallet.

What about the aspect of SKE which allows compliant implementations to
verify that the session key is actually being honestly reported to the
escrow agent?  Isn't that where most of the cryptographic challenge and
interest comes from, and again how does that benefit the customer?  It
seems strictly for the benefit of wiretappers.

What about key escrow systems which allow users to store encrypted
versions of their public keys?  There would still be the danger of the
user dying or forgetting his pass phrase, but in many circumstances
that is tolerable.  The KE agency then simply becomes a data backup
facility.  Is TIS working on this?  This seems like the true analog of
the spare key in the wallet.

I get the impression that despite all of the good and reasonable things
you can say about key escrow, the actual work and interest is strictly
going towards systems to allow government wiretapping.  No significant
efforts are going into these other ideas which might be useful to the
customer but are irrelevant to the wiretapping issue.  So I am afraid
that the actual work on SKE is only going to hurt privacy despite
Carl's hopes.

Hal