1997-10-16 - Re: FCPUNX:PGP Key Escrow and Congress

Header Data

From: Kent Crispin <kent@bywater.songbird.com>
To: cypherpunks@Algebra.COM
Message Hash: ded531c604e2f93e803eec4b9d7aacb449edca7f921724cd68b31fedcafdac5f
Message ID: <19971015224407.08785@bywater.songbird.com>
Reply To: <199710151811.LAA23906@toad.com>
UTC Datetime: 1997-10-16 05:52:00 UTC
Raw Date: Thu, 16 Oct 1997 13:52:00 +0800

Raw message

From: Kent Crispin <kent@bywater.songbird.com>
Date: Thu, 16 Oct 1997 13:52:00 +0800
To: cypherpunks@Algebra.COM
Subject: Re: FCPUNX:PGP Key Escrow and Congress
In-Reply-To: <199710151811.LAA23906@toad.com>
Message-ID: <19971015224407.08785@bywater.songbird.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, Oct 15, 1997 at 07:52:47PM -0700, Bill Stewart wrote:
> At 01:27 PM 10/15/1997 -0500, William H. Geiger III wrote:
> >>Do the privacy of the nation's data and the security of its
> >>information infrastructure deserve the same consideration as the
> >>Pentagon's "Confidential" memos?  When you're planning to build in a
> >>single point of failure, this is a question you have to ask.
> >
> >There are those of us who see a single point of failure in such
> >infrastructures as a GoodThing(TM).
> 
> However, they are incorrect :-)  The primary failure mode is
> "someone official decides to rip off somebody's information".
[...]

> Multiple small points of failure mean that it's less likely
> that the official who wants to rip off information has access
> to the set of information he wants to rip off.  You could argue
> that there would be more officials with access, but probably not,
> since a big pile of information is something that attracts officials
> far faster than little boring piles.

I don't suppose you are arguing that having multiple small points of 
failure makes GAK acceptable...

The 'single point of failure' mode is such obviously bad design that
NSA will never go for it -- they aren't dumb.  Consider that if you
have a single master key for all escrowed things (for example): that
single master key will have to be used for *every* wiretap, every FOI
act action, etc.  It will be in constant daily use by many people, 
and keeping it secure will be, practically speaking, impossible.

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html





