From: tcmay@got.net (Timothy C. May)
Date: Wed, 13 Sep 95 10:16:23 PDT
To: cypherpunks@toad.com
Subject: Can GAK be made "not interoperable" with PGP?
Message-ID: <ac7c5e4817021004ba64@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:34 PM 9/13/95, Hal wrote:

>I think this is setting up the rationale for software key escrow.  One of
>the big loopholes in this idea has always been that it would be easy for
>bad guys to superencrypt or otherwise bypass the legal encryption.  The
>response has been that the systems will be designed so that compliant
>systems will not interoperate with rogue systems.  And the counter-response
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>to that was that criminals (and privacy advocates) would use software
>which would operate compliantly with conventional programs and maintain
>privacy when talking to other rogue programs.

But is this even possible, to make a GAK system "not interoperable" with,
say, PGP?

Unless the GAK system has some sort of entropy analyzer, and can recognize
high-entropy sources which it presumes to be encrypted data (*), one can of
course PGP-encrypt a text file and then GAK the resulting file.

Many of us are already using PGP mostly in this way, i.e., writing files in
text editors, PGP-encryting and getting an ASCII file back, and then
sending. GAK will still have to deal with this mode.

(* On the idea of entropy analyzers. This is implausible, for many reasons.
Any high-entropy file could have the entropy reduced by padding with
low-entropy sources. And there would be "false positives." Some ostensibly
plaintext posts are so incoherent (;-}) they might be "rejected" by such a
GAKalyzer.)

So, is any conceivable GAK escrow system possible that cannot be used with
other crypto programs? Text is text, unless the GAK program purports to
accept or reject the text based on entropy considerations. And I can't
imagine that part of the GAK program would be robust against hacking.

>This new line will be used to respond to this argument, I think.  Even if
>it is admitted that there is no way for the government to be able to tell
>what the criminals say amongst themselves, it will still be useful to be
>able to tell what they say to other people.  Therefore software key
>escrow will be argued to still be useful even though it can be defeated.

But such traffic analyis is made moot by remailers, as we all know.

What I think we may be facing, if the folks pushing GAK are really serious
about all this, are restrictions on *who we may mail to*!!! For if Alice is
"allowed" to send a message, GAKked or not, to a remailer....

(I can speculate about laws saying only "internationally registered" sites
can use e-mail, but this seems impractical in the extreme...lots of
issues.)

The GAK advocates need to realize that superencryption will be as easy as
it is today to use PGP, and that even traffic analysis will be defeated if
remailers are used.

--Tim May

---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."