From: cme@ellisun.sw.stratus.com (Carl Ellison)
Date: Fri, 13 Aug 93 07:02:58 PDT
To: cypherpunks@toad.com
Subject: Re: >Clipper trapdoor?
Message-ID: <9308131359.AA16791@ellisun.sw.stratus.com>
MIME-Version: 1.0
Content-Type: text/plain


>Message-Id: <00541.2828009147.4718@washofc.cpsr.org>
>From: David Sobel <dsobel@washofc.cpsr.org>
>Date: Thu, 12 Aug 1993 14:01:54 EST    
>Subject: Re: >Clipper trapdoor? 


David,

You wrote:

>[...]  I think the question you raise is a critical one -- under what
>guidelines will the escrow agents determine the validity of an NSA
>request for the key without a FISA warrant?


If I were the NSA, I would *never* permit a key request to leave the
building at Ft. Meade.  The fact that it wanted a given key is, itself,
intelligence.

I am one person who believes that the gov't would never be able to
establish a key escrow agency secure enough even for my customers (Stratus
customers: already extra-careful purchasers of high priced fault tolerant
equipment: banks, large funds transfer people, stock brokers, hospitals,
...).  It's too cheap for organized crime to bribe or break in at the
escrow agencies.  Therefore, I'm on record as a commercial crypto
consultant recommending against any customer of ours using any escrowed-key
mechanism, no matter how strong the algorithm or how trustworthy the
key generation process.

If the agency is too flaky for me, they're bound to be too flaky to be
trusted with a paper trail of NSA's eavesdropping targets.  The traffic
analysis of that trail would be worth an absolute fortune.  I'd give it a
week before it was compromised.

So:  I wouldn't go to the escrow agencies in any way at all.

----------

Now, there was an interesting thing from DERD the other day -- that the
original key generation mechanism is out, replaced by one which is
classified (for nat'l security reasons, I assume).

----------

As I mentioned in alt.privacy.clipper the other day,  if I were the NSA
I would:

1.	pick a *very* secure block cryptosystem (secure enough for them to
	use to send top secret crypto keys around the world, where the enemy
	is sure to intercept the message)

2.	encrypt the chip's serial number in that algorithm, using a single
	key which only the agency knows

3.	use the output of that encryption as the chip's key [that output
	will look totally random to the outside observer, because the
	encryption algorithm is so good]

4.	make the two escrow copies, as before, and deliver them to
	the escrow agencies

5.	keep the key generation process secret, for fear of inciting
	rebellion among civil liberties groups


-----------

 - Carl

P.S.  One of my questions for CSSPAB was why the key generation procedure
didn't just use a hardware random number generator.  That's the accepted
practice and there's no reason to classify it.

P.P.S.  Is there any way to get NIST to answer my list of 22 questions?