From: frantz@netcom.com (Bill Frantz)
To: Raph Levien <tcmay@got.net>
Message Hash: f24dbf161f2d701559e2ae94235e177eb95a4723eb4ce4864869481ef34f0f78
Message ID: <199607151850.LAA08307@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-07-16 04:23:52 UTC
Raw Date: Tue, 16 Jul 1996 12:23:52 +0800
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 16 Jul 1996 12:23:52 +0800
To: Raph Levien <tcmay@got.net>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607151850.LAA08307@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 9:58 AM 7/15/96 -0400, Raph Levien wrote:
>4. Thus, the best leverage for the TLAs to win is to guide the
>development of a key management infrastructure with the following
>property: if you don't register your key, you can't play. I believe that
>this is the true meaning of the word "voluntary:" you're free to make
>the choice not to participate.
>
>5. This is _important_. If you can't get the keys for your
>correspondents, you can't use encryption. If they build a key management
>infrastructure that actually works, people will use it.
The obvious counter is to use the key management infrastructure for
authentication, but use a technique like Diffie-Hellman to decide on a
session key. I see two problems with this approach:
(1) It still allows traffic analysis.
(2) It will be difficult to implement for one-way transmissions (e.g. email).
A more complex structure would overcome (2) above. Use you GAK key to sign
your PGP key. Post your PGP key on the MIT server (or successors), and
people who want non-GAKed communication with you would use your PGP key,
with the benefit of government approved authentication.
I still think this whole GAK thing is going to fail on the, "Which
government?" question. I don't see either multi-nationals or their
governments wanting to share their secrets with each other, and I don't see
how to set up universal GAK to prevent that form of industrial espionage.
Also, the key which decodes the GAKed data is just too valuable and too
easy to steal.
-------------------------------------------------------------------------
Bill Frantz | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506 | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation. | Los Gatos, CA 95032, USA
Return to July 1996
Return to “frantz@netcom.com (Bill Frantz)”
1996-07-16 (Tue, 16 Jul 1996 12:23:52 +0800) - Re: How I Would Ban Strong Crypto in the U.S. - frantz@netcom.com (Bill Frantz)