From: frantz@netcom.com (Bill Frantz)
To: cypherpunks@toad.com
Message Hash: c91a4702b55a3c0d478789a909cb285a1d93fd06b6204784fb15c4d9c73dcea1
Message ID: <199605221756.KAA01022@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-05-22 23:47:20 UTC
Raw Date: Thu, 23 May 1996 07:47:20 +0800
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 23 May 1996 07:47:20 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III analysis
Message-ID: <199605221756.KAA01022@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
John Gilmore wrote an excellent description of GAK 3 (aka Clipper III, aka
Enabling Privacy, Commerce, Security and Public Safety in the Global
Information Infrastructure). Here are a couple of other points that even
the proponents of this scheme should agree to:
(1) GAK3 does not provide for the significant public purpose of protecting
dissident groups under repressive regimes. Human rights groups in
Bosina/Serbia have used PGP to protect their files. Since their computers
have been frequently seized, the only protection for those people who have
made human rights complaints has been that the local government has not had
access to the keys.
(2) The paper fails to differentiate between the needs of communication
privacy and data storage privacy. No rational person would want to GAK
their communication keys. Data lost because keys are lost can always be
retransmitted. Since communications are easy to intercept, having a long
term GAK key greatly increases the chances that the long term key will be
stolen and the session keys intercepted. Communication session keys should
be decided by techniques such as Diffie Hellman which ensure that the only
entities with access to the key are the programs/hardware at each end of
the link.
A better case for escrowing long term data storage keys can be made.
Physical security provides some protection for the cyphertext. Loss of a
key can mean loss of the data. However, it is not clear why encrypting for
data storage is any different from storing confidential data in a safe. If
the government has a legitimate need to access the data, they can access it
through the same legal processes they use to access data in safes. While
long term data storage can use escrow agents, it does not need GAK for any
legal public purpose.
------------------------------------------------------------------------
Bill Frantz | The CDA means | Periwinkle -- Computer Consulting
(408)356-8506 | lost jobs and | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
Return to May 1996
Return to “Robert Hettinga <rah@shipwright.com>”