1995-09-09 - Re: GAK

Header Data

From: cman@communities.com (Douglas Barnes)
To: Carl Ellison <cme@TIS.COM>
Message Hash: 8a52c4fc9ead131fb9bfebf827cc806fe92f530ae4e3fc6c8519ecdb7d565141
Message ID: <v02120d22ac76a26200fa@[199.2.22.120]>
Reply To: N/A
UTC Datetime: 1995-09-09 01:00:00 UTC
Raw Date: Fri, 8 Sep 95 18:00:00 PDT

Raw message

From: cman@communities.com (Douglas Barnes)
Date: Fri, 8 Sep 95 18:00:00 PDT
To: Carl Ellison <cme@TIS.COM>
Subject: Re: GAK
Message-ID: <v02120d22ac76a26200fa@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



>
>If too much attractive stuff is available by loss of any one public key,
>that key gets attacked.  To compensate for this, the TIS DRC generates new
>public keys periodically to give out to new (or old) customers.
>
>However, a government warrant which demands the DRC's private key collection
>would gain quite a harvest.

The economics of the situation seem to dictate that whether you have
one key or N keys, it's going to be cheaper to subvert the escrow agent
(you guys or whoever) than it is to brute-force even one key. Therefore
I'm not clear on how using multiple keys buys you much against the most
probable threat -- opponents getting physical access to keys or the
subversion of personnel who have legitimate access.

Of course, it's still a good policy, reducing the payoff to those too
timid to try the direct approach. But I think this threat is significantly
less likely than a disgruntled employee selling the DRC private
keys on a real instantiation of the Blacknet model, without even being
solicited.

You may feel very comfortable with the personnel and procedures you
have in place now, but auditing and vetting systems are notorious
for scaling very, very poorly. You may feel you can vouch for the
trustworthiness of everyone at TIS now, but this sort of familiarity
also scales very poorly. And clearly, were this to become commercially
significant, it would need to scale quite a bit.

Douglas Barnes
Electric Communities







Thread