1998-09-07 - Re: KRAP is at it in the IETF

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: TSGman@earthlink.net
Message Hash: 9b176c215e9de640bf5be3c4ac97166dc38add2ade19dd8a151c70540359f733
Message ID: <199809072248.XAA08942@server.eternity.org>
Reply To: <002701bdda9f$84ec8430$89bffad0@tsg-laptop>
UTC Datetime: 1998-09-07 23:06:41 UTC
Raw Date: Tue, 8 Sep 1998 07:06:41 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 8 Sep 1998 07:06:41 +0800
To: TSGman@earthlink.net
Subject: Re: KRAP is at it in the IETF
In-Reply-To: <002701bdda9f$84ec8430$89bffad0@tsg-laptop>
Message-ID: <199809072248.XAA08942@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain




Todd S. Glassey writes on dbs@philodox.com (digital bearer settlement) list:
> Let me start with the disclaimer since I am going to vehemently disagree
> with you - These are my own opinions and in no way reflect my companies or
> our clients Opinions, etc. etc. etc. -

[What company do you work for?  You disclaim about your "company" and
"clients" without mention of who they are?  (I like to know who the
GAKkers are, are you with securecomptuing.com also?)]

> So William - IMHO, you are missing the point totally. The IETF is an
> A-Political Organization investing in the development of technical standards
> to accomplish various networking services. As to the issue of Politic vs.
> Technology, by its actions alone, KRAP's demonstrated agenda with the IETF
> is purely technical and whether it is in furtherance of its external
> political agenda is really irrelevant to the IETF as and its established
> process as a whole.

I understood it this way: that IETF policy is not allow political
considerations to weaken or otherwise damage security functions in
IETF standards.  eg. No weak key lengths for to satisfy local
government politics etc.

Read RFC 1984.  I quote:

: KEYS SHOULD NOT BE REVEALABLE
: 
:    The security of a modern cryptosystem rests entirely on the secrecy
:    of the keys.  Accordingly, it is a major principle of system design
:    that to the extent possible, secret keys should never leave their
:    user's secure environment.  Key escrow implies that keys must be
:    disclosed in some fashion, a flat-out contradiction of this
:    principle.  Any such disclosure weakens the total security of the
:    system.
: 
: DATA RECOVERY
: 
:    Sometimes escrow systems are touted as being good for the customer
:    because they allow data recovery in the case of lost keys. However,
:    it should be up to the customer to decide whether they would prefer
:    the more secure system in which lost keys mean lost data, or one in
:    which keys are escrowed to be recovered when necessary.  Similarly,
:    keys used only for conversations (as opposed to file storage) need
:    never be escrowed.  And a system in which the secret key is stored by
:    a government and not by the data owner is certainly not practical for
:    data recovery.

This quoted point is kind of relevant here:

 "keys used only for conversations (as opposed to file storage) need
  never be escrowed"

Now we move on to your GAK apologist arguments...

> Remember also that it was the Government that was the primary
> subsidizer of said same network and everything that evolved the old
> 56k ARPANET into what the Public Internet is today.

"Government" is composed of public servants.  This citizen-unit
doesn't want to fund spooks to spy on himself.

> The world is changing into a global society and the rules about
> personal freedom are evolving with it... Not everyone is going to
> like them but the facts are what they are and IMHO - personally I
> wonder more how some local constituency would respond to the
> invasion of their personal privacy when some "pervert terrorist"
> parks a recently acquired nuke or Bio-toxic Weapon from the now

Oh give us a break!  You already admitted that terrorists are going to
use whatever crypto they want whether or not governments succeed in
ramming GAK down our throats.

> defunct Russian Arsenal in their backyard and pushes the #$%^&*
> button. If losing absolute anonymity is the cost of better
> safeguarding oneself and family from threats like these, what the
> heck. Its a very small cost to pay.

Perhaps you would think that video cams in all the rooms in your house
(with feeds back to NSA) would be a good idea also,...  well you
install them, at your cost, and leave us out of your eavesdropping
plans, ta very much.

Adam





Thread