1996-05-07 - Escrowing signing vs. encryption keys

Header Data

From: JMKELSEY@delphi.com
To: cypherpunks@toad.com
Message Hash: 65b5de8ad571865a140b4255c2c1d69090c2ea46c6fd26d246b95160d1408347
Message ID: <01I4EDQIJ1MA9C1W4G@delphi.com>
Reply To: N/A
UTC Datetime: 1996-05-07 08:06:54 UTC
Raw Date: Tue, 7 May 1996 16:06:54 +0800

Raw message

From: JMKELSEY@delphi.com
Date: Tue, 7 May 1996 16:06:54 +0800
To: cypherpunks@toad.com
Subject: Escrowing signing vs. encryption keys
Message-ID: <01I4EDQIJ1MA9C1W4G@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 05/06/96 06:55 pm ##
  Subject: Escrowing signing vs. encryption keys. ]

>Date: Thu, 25 Apr 1996 21:06:37 -0700
>From: Hal <hfinney@shell.portal.com>
>Subject: Re:  US law - World Law - Secret Banking

>Baker's problem was that the keys would be used for signing as well
>as for encryption.  He said that in the U.S. they had been careful
>to separate these functions in their plans.  That's why we have DSS
>for signatures and Clipper (Capstone, Skipjack, etc.) for
>encryption.  Only the Clipper keys get escrowed.  The DSS keys are
>kept private.

>Privacy, on the other hand, at least from the point of view of
>someone like Baker, is not as important.  His people eavesdropped
>all the time, and it wasn't that bad.  So from his perspective it is
>reasonable that a possibly insecure escrow system is acceptable for
>encryption, but not for signatures.  And that is apparently a
>principle behind the US crypto policies as they have unfolded over
>the last few years.

There is another angle to this.  If extralegal key escrow accesses
are occurring, it will probably take a long time to come out, if it
ever does.  There's a good chance that anyone successfully
eavesdropping on people by use of the key escrow mechanism will
simply keep quiet about it, and while the victim may *suspect*
what's happened, they won't be able to prove it.  However, forged
signatures *will* be noticed directly, and there will be
high-profile court cases about them.  Even if untrue, serious
allegations of forged signatures based on escrowed signing keys will
make it into the papers, and cause all kinds of chaos.  Presumably,
this is seen by the Feds to balance out the downside that, if I have
the ability to do secure signatures with certificates, I can always
use Diffie-Hellman to establish a secure session with someone else.

>Hal

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMY6Vh0Hx57Ag8goBAQHI2gP/bUhtWnIjWX8xKJ44IcmdG9OqbO7PaB1B
9iu7GYFzQXLgsMdc9Opzm64W7F+NrBlE1PjOCj965bK7MC9+Lz176Bo5nBHGMktP
pALZcRvm6bmNMls49abvucVr8Xm2SbDOnsp5z4NHVUuNGdXi+J5tDVR2vYqIQjh5
GmZk9fVkQUM=
=r6zZ
-----END PGP SIGNATURE-----





Thread