1994-02-14 - Re: Actively Sabotaging Clipper and Capstone?

Header Data

From: “Pat Farrell” <pfarrell@netcom.com>
To: cypherpunks@toad.com
Message Hash: 77f8e2f0c57578092296438b89de48267e9f790cb89621905bdbe93655daa1e7
Message ID: <15722.pfarrell@netcom.com>
Reply To: N/A
UTC Datetime: 1994-02-14 09:25:25 UTC
Raw Date: Mon, 14 Feb 94 01:25:25 PST

Raw message

From: "Pat Farrell" <pfarrell@netcom.com>
Date: Mon, 14 Feb 94 01:25:25 PST
To: cypherpunks@toad.com
Subject: Re: Actively Sabotaging Clipper and Capstone?
Message-ID: <15722.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

Tim May posted to cypherpunks:

> Hey, I've just been told in e-mail that my $200,000 figure for the
> Clipper keys (a tape or compilation of the ones that are held in
> escrow) is way too low, probably by two orders of magnitude.
> Maybe so, as having these keys could mean a lot.
> But my point is that nearly any such figure will represent an
> incredible temptation. Such is the risk of any centralized system in
> which a master key (or set of escrowed keys) unlocks such valuable
> information.

This is exactly the same argument that corrupts the PEM certification
scheme. While hierarachical chains of command are reflexivly the first
idea in any military or bureaucratic employee, the existance of a
super-valuable "master certification certificate" that is valuable will
directly make it extremely valuable. Anything of sufficient value will
be compromised by someone willing to pay a sufficient value, break a
kneecap, etc.

Once a valuable, high level certificate is broken, then all decendant
certificates are broken. The "web of trust" is the only workable solution.


Pat Farrell      Grad Student                 pfarrell@gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key availble via finger          #include <standard.disclaimer>