1995-12-04 - RE: key escrow compromise

Header Data

From: Paul Koning 1695 <pkoning@chipcom.com>
To: Cypherpunks mailing list <cypherpunks@toad.com>
Message Hash: 7d07758b682eb2d6c41515ea0df76d954d20dbf4db959e36c7ec138ad2bb5e2d
Message ID: <30C3575F@mailer2>
Reply To: N/A
UTC Datetime: 1995-12-04 17:14:57 UTC
Raw Date: Mon, 4 Dec 95 09:14:57 PST

Raw message

From: Paul Koning               1695 <pkoning@chipcom.com>
Date: Mon, 4 Dec 95 09:14:57 PST
To: Cypherpunks mailing list <cypherpunks@toad.com>
Subject: RE: key escrow compromise
Message-ID: <30C3575F@mailer2>
MIME-Version: 1.0
Content-Type: text/plain



Quoting: "Vladimir Z. Nuri" <vznuri@netcom.com>
>I tend to agree with Clark in only one regard: the government is going
>to get into the key storage/retrieval business in some form or another
>eventually & inevitably; it's just not stoppable.

Well, I would tend to disagree.  If PGP weren't out, you might conceivably
have a point.  Given that it is out, are you suggesting that the NSA would
be able to make all copies of it go away?  And all copies of PEM?
And everyone else's encrypted Email programs including all those
available from many other countries?  Shutting down the Internet
completely wouldn't be a sufficient measure to make that happen.

>the aspect
>that is up for grabs is whether these systems will be *mandatory* for
>all private communication.

I remember some clear statements that this is the goal, as should be
obvious, since any smaller goal doesn't make any sense.

>here's a quick idea. the post office is getting into
>certification authorization come hell or high water (ETA summer, 96).
>now, frankly I think this is a good thing. someday we will need some kind
>of legal agency to deal with citizen keys, so that we could have
>cryptographic dealings with federal agencies such as the motor
>vehicles department, etc.

Well, I don't know why a government agency that calls itself a
non-government agency one minute and hides underneath special government
monopoly privileges should be given yet another special
privilege, but anyway... yes, clearly at some point we will need
certification that will make digital signatures useable.

However, that has NO connection with GAK, and in fact is a strong
argument against it.  If the government has access to my keys, then
why should anyone trust my signature?  Conversely, certification
for digital signatures involves making statements about the validity
of PUBLIC keys, and imposes NO requirement on private keys.

     paul




