1997-10-24 - Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: declan@well.com
Message Hash: 82443972a2d325f8d7e63e688eee0791fe8dc22c4ee920b6e752d0c747d831a0
Message ID: <199710241155.MAA01293@server.test.net>
Reply To: <v0300780eb073f3f9431f@[168.161.105.141]>
UTC Datetime: 1997-10-24 15:48:01 UTC
Raw Date: Fri, 24 Oct 1997 23:48:01 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 24 Oct 1997 23:48:01 +0800
To: declan@well.com
Subject: Re: puff pieces vs tough crypto issues (Re: Singapore TOILET  ALERT)
In-Reply-To: <v0300780eb073f3f9431f@[168.161.105.141]>
Message-ID: <199710241155.MAA01293@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain

Declan McCullagh <declan@well.com> writes:
> >More importantly though, the Blaze et al study
> >(http://www.crypto.com/key_study) did not say that key recovery/key escrow
> >systems can't be built.
> 
> In fact it said: "Building the secure infrastructure of the breathtaking
> scale and complexity that would be required for such a scheme is beyond the
> experience and current competency of the field." Sounds like "can't be
> built" to me.

They are right: it can't be built securely.  But that's not what the
NSA et al are saying, they are saying we can build it if you trust us
not to divulge the keys.  Clearly they can.  Also clearly we don't
trust them.  The Ames syndrome dictates that sooner or later someone
will sell the database or government master key.

pgp5.5, or 6.0 when it comes out, is viable for such purposes.  Quite
similar to Clipper: all you need is for the NSA to publish a public
key, and for Clinton to pass a presidential decree that all companies
using (the yet to be released) pgp6.0 should add that key to the list
of CMR recipients.

People sticking up for CMR (Lucky, Jon Callas, others) say: but you
can bypass it.  I say so what.  You could bypass Clipper too, it
still didn't make it a good idea.  You can be detected when you
bypass it.  With stiff penalties for companies or individuals for
bypassing, and the chance of detection, it sounds viable to me.

> >So far, Soloman, the FBI, nor other mandatory GAK supporters have said that
> >PGP 5.5 or other key recovery products on the market today solve their
> >so-called 'problems'.  I don't really expect them to. They seem to want
> >much much more.
> 
> I agree that PGP 5.5 doesn't meet the FBI's demand for realtime access. 

Why do you think it doesn't meet their demand for real-time access?

pgp5.5 supports multiple CMR fields attached to userids on the key.
So in a company scenario, that would mean that before the presidential
decree, the listed CMR key would be: snoopy@acme.com.  After the
presidential decree, they would have to list two extra crypto
recipients: snoopy@acme.com, and thoughtpolice@nsa.gov.

I think that pgp6.0 (or whatever it will be called) when it is
released will allow keys to have multiple CMR key requests attached to
userids.  This will enable it for real.  (pgp5.5 as far as I can
understand only provides support in the GUI for adding one CMR key
request per userid).  pgp5.5 already supports multiple CMR key
requests per userid in that it knows how to reply to them.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
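The multiple-CMR-recipient mechanism discussed in the message above, as an added example that is not code from the message, from Adam Back, or from PGP: a toy model of how a PGP 5.5-style Corporate Message Recovery (CMR) setup encrypts a message once and wraps the session key separately for every listed recipient, so that adding a second CMR key (the `thoughtpolice@nsa.gov` scenario) is just one more wrapped copy of the same session key. The RSA parameters are deliberately tiny constructed keys and the bulk cipher is an HMAC-based keystream, both stand-ins for real primitives; `missing_cmr_recipients` is an assumed policy check of the kind a mail gateway would use to detect messages that omit a mandated recovery key, which is the detection risk the message refers to.

```python
"""Toy model of PGP 5.5-style Corporate Message Recovery (CMR).

Added illustration only: toy RSA with small primes and an HMAC-SHA256
keystream, not real cryptography.  Names such as snoopy@acme.com and
thoughtpolice@nsa.gov are the hypothetical recipients from the message.
"""
import hashlib
import hmac
import secrets
from math import gcd

# Deterministic Miller-Rabin bases: exact for every n below 3.3e24,
# which comfortably covers the 64-bit toy primes generated here.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def toy_rsa_keypair(bits=64, e=65537):
    """Constructed toy RSA key pair ((n, e), (n, d)); far too small for real use."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


SESSION_KEY_BITS = 120  # below every toy modulus (each n >= 2**126)


def _keystream(sym_key, length):
    """HMAC-SHA256 in counter mode, a toy stand-in for PGP's bulk cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(sym_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _sym_key(session_int):
    return hashlib.sha256(session_int.to_bytes(16, "big")).digest()


def encrypt_message(plaintext, recipient_pubkeys):
    """Encrypt once; wrap the one session key for every recipient (user or CMR)."""
    s = secrets.randbits(SESSION_KEY_BITS) | (1 << (SESSION_KEY_BITS - 1))
    return {
        "esk": {name: pow(s, e, n) for name, (n, e) in recipient_pubkeys.items()},
        "ct": _xor(plaintext, _keystream(_sym_key(s), len(plaintext))),
    }


def decrypt_message(package, name, privkey):
    """Unwrap the session key from this recipient's own packet, then the text."""
    n, d = privkey
    if name not in package["esk"]:
        raise KeyError(f"no session-key packet for {name}")
    s = pow(package["esk"][name], d, n)
    return _xor(package["ct"], _keystream(_sym_key(s), len(package["ct"])))


def missing_cmr_recipients(package, required):
    """Assumed gateway policy check: mandated CMR keys with no wrapped session key."""
    return [name for name in required if name not in package["esk"]]


def demo():
    """Before and after a hypothetical decree mandating a second CMR key."""
    names = ("alice@acme.com", "snoopy@acme.com", "thoughtpolice@nsa.gov")
    keys = {name: toy_rsa_keypair() for name in names}
    msg = b"constructed sample message"  # constructed plaintext
    before = encrypt_message(msg, {n: keys[n][0] for n in names[:2]})
    after = encrypt_message(msg, {n: keys[n][0] for n in names})
    return {
        "snoopy_reads_before": decrypt_message(before, names[1], keys[names[1]][1]) == msg,
        "missing_before": missing_cmr_recipients(before, names[1:]),
        "missing_after": missing_cmr_recipients(after, names[1:]),
        "nsa_reads_after": decrypt_message(after, names[2], keys[names[2]][1]) == msg,
    }


if __name__ == "__main__":
    print(demo())
```

The point the structure makes: the plaintext is never re-encrypted for the extra recipient, only the session key is wrapped one more time, so an escrow key is cheap to add and equally cheap to omit, which is why enforcement in this model has to come from a policy check on the wrapped-key list rather than from the cipher itself.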
