From: Ernest Hua <hua@XENON.chromatic.com>
Date: Sat, 25 May 1996 12:07:35 +0800
To: cypherpunks@toad.com
Subject: why is no one (apparently) worried about escrowed key length limits?
Message-ID: <199605241756.KAA07067@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


It appears that (from the responses I have gotten on why there are key
length limits at all on escrowed encryption) I am not forgetting
anything obvious.

So why is no one seriously questioning why this limit has to be there
for key escrow?

One suggestion was: the NSA does not completely trust key escrow.  But
if the NSA (who should know all the inner secrets of it) cannot
completely trust key escrow, then why should WE trust key escrow?

Obviously, the implication is that brute force (or "near brute force")
methods WILL be used against encrypted transactions.  So in the best
case, there is some lower strata of law enforcement who are only
allowed to use the escrowed path to intercept, but there is also some
upper strata of law enforcement (presumably some anti-terrorist or
national security section of ATF or FBI or CIA or Secret Service) who
will be allowed to use such super-duper cracking methods to achieve
their goals (assuming their goals are good).

But, if the best case happens, then we're all Ozzie and Harriet (or
Archie and Edith), and we should be in a love fest with the
government.  Obviously we don't competely and blindly trust our
government.

So why do we allow the NSA to get away with such a policy?

"Here is something you can use.  We can't completely trust it but it
should be good enough for you folks."

Ern