From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 3 Jul 1996 09:46:32 +0800
To: aba@dcs.ex.ac.uk>
Subject: Re: UK Crypto regs?
In-Reply-To: <199606300840.JAA00124@server.test.net>
Message-ID: <Pine.SUN.3.94.960702165205.6149N-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thank you to AB for forwarding the Ross Anderson summary.

I am unclear on what I consider a key point regarding UK policy.

The US (and Japanese) governments have pledged not to seek to esrow
digital signature keys.  (FWIW I think this is a very important and
praiseworthy pledge.)  There is a large class of DS keys, eg RSA keys,
which can also be used for encryption; there is also a class of keys (eg.
SHA 1, I think?) that cannot.  A PKI that requires escrow therefore must
either

a) limit the type of encryption allowed for DS keys, end exclude one of
the most popular flavors

or 

b) escrow digital signature keys

I am unclear as to whether the UK authorities understand this, and if so
which option they plan to choose.  I would welcome any information that
might be floating around.

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.