1996-01-18 - Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry

Header Data

From: “david d `zoo’ zuhn” <zoo@armadillo.com>
To: cypherpunks@toad.com
Message Hash: 0f7feb7bbb19f8b147627fd474e154b79e2728ade32c769ac3451c4a4fabd555
Message ID: <199601182115.PAA10170@monad.armadillo.com>
Reply To: N/A
UTC Datetime: 1996-01-18 22:12:27 UTC
Raw Date: Fri, 19 Jan 1996 06:12:27 +0800

Raw message

From: "david d `zoo' zuhn" <zoo@armadillo.com>
Date: Fri, 19 Jan 1996 06:12:27 +0800
To: cypherpunks@toad.com
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
Message-ID: <199601182115.PAA10170@monad.armadillo.com>
MIME-Version: 1.0
Content-Type: text/plain

// : >The new overseas version of Notes, tagged Release 4, will give
// : >foreign users 64-bit security. But to get permission to export
// : >the software, Lotus agreed to give the government access to 24
// : >of those bits by using a special 24-bit key supplied by the

// That was the question that came to mind when I read the article, too.
// How exactly are they planning on implementing this?  

Looks straightforward to me.  Any time a bulk key is generated (aka session
key), take a known number of bits in a known location (top n or bottom n)
and encrypt those with the public key of the agent you want to give the n
key bits to. 

Then send the encrypted key bits as part of the message protocol. 

This is similar to what Netscape's SSL does, except that the top n bits of
an SSL key are a public part of the exchange, and the top n bits of a Notes
key are only readable by the private key holder (which is presumably in the
hands of every major government agency that cares).

Neither give away the entire key directly, so it's not a trivial decoding
operation.  But 40 bits isn't terribly difficult to decode either.

The advantage, as seen by many people, is that the full key is much larger
in the Notes implementation style so non-governmental attackers have a much
harder problem to solve in order to crack the message.  

This is roughly akin to what ViaCrypt has announced for their next PGP
release.  You have a public key for the "escrow" agent, and every person
who encrypts using PGP would add (or would have added by PGP) the agent to
the list of recipients.  The message might not be given to the agent, but
if it lands in their hands, they will be able to decrypt it.

GAK is reasonable, to those who trust the government.  Now the subset of
this list who do so may be a much smaller percentage than the subset of the
VPs of IS that do.  But that's a different message.  

-  david d `zoo' zuhn  -| armadillo zoo software -- St. Paul, Minnesota
--  zoo@armadillo.com --|   unix generalist (and occasional specialist)
------------------------+   http://www.armadillo.com/ for more information
  pgp key upon request  +----------------------------------------------------