1996-10-16 - Re: binding cryptography

Header Data

From: um@c2.net (Ulf Moeller)
To: everheul@NGI.NL (Eric Verheul)
Message Hash: a814b36bbad79e027eb96eb511c531d1d0d850c58a24b74c3b5f1b438f5bd810
Message ID: <m0vDekD-0003bkC@ulf.mali.sub.org>
Reply To: <01BBBA25.B9961E40@port13.ztm.pstn.rijnhaave.net>
UTC Datetime: 1996-10-16 22:53:46 UTC
Raw Date: Wed, 16 Oct 1996 15:53:46 -0700 (PDT)

Raw message

From: um@c2.net (Ulf Moeller)
Date: Wed, 16 Oct 1996 15:53:46 -0700 (PDT)
To: everheul@NGI.NL (Eric Verheul)
Subject: Re: binding cryptography
In-Reply-To: <01BBBA25.B9961E40@port13.ztm.pstn.rijnhaave.net>
Message-ID: <m0vDekD-0003bkC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


> >Can you imagine that anyone would ever create a program that tries to
> >look like a conforming implementation, but generates invalid "binding"
> >data -- when it is so much easier to simply use PGP, and (if
> >necessary) disguise that fact using the government-approved encryption
> >software?  I don't, so in my opinion the verification process is
> >absolutely useless.
> Can you imagine what would happen if governments would (help to) set up
> a system that has no safeguards at all, i.e.  that could give criminals
> all the anonymity and confidentiality they need?

Sorry if my formulation was unclear. I meant to point out that it is
actually easier to commit fraud in a way that is undetectable than
in a detectable way. So on the assumption that the concept of binding
cryptography is a good thing, this scheme is flawed.


But to answer your question: Encryption software has already been
available for years. You may argue that PGP is not very user-friendly,
but it is secure and every computer user who takes the time to read
the manual can use it. So nothing much would happen that will not
happen anyway or has already happened.

> car, bicycle, house etc.). That is a fact of life; one I hate. So the
> point is: where is the middle of giving up freedom and stopping
> criminals?

But since - as you admit - it is not possible to stop criminals, the
question is: Do you want to cause a dramatic drawback in privacy and
create a new potential security hole just in order to force criminals to
do a few hours' work of installing a secure encryption system from the
Internet, or, when that is illegal, buy it on the black market?

> We have set up the TRPs in such a flexible way that anybody could find
> one he can trust, one might even set up his own TRP.

Then it is not even necessary to use additional software to circumvent
government access. The user can simply configure himself as TRP for
the inner layer of encryption and the official one in the outer layer.




