From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 13:41:10 +0800
To: cypherpunks@toad.com
Subject: Re: The GAK Momentum is Building...
Message-ID: <ae64afeb0a0210046fbe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:00 AM 9/18/96, an12054 (S. Boxx) wrote:

>the Clipper proposals are increasingly moving into the
>area of "key management". large companies will always
>want key management features, to deal with employees who
>forget passwords, leave the company, etc.-- face it, this
>is a simple reality. essentially all the latest
>moves amount to, imho, is the government trying to get
>its fingers into these key management infrastructures.

Companies wishing to tell their employees how and when they may encrypt
communications is something I have no problem with. Corporations do this
all the time, and even make various arrangements with other companies for
various services.

However, making the government a _required_ part of such plans implies a
motive that is not at all the same as what companies wish (mostly, disaster
recovery). And, as has been noted so many times by so many of us, whatever
the motivations for corporate key escrow systems for disaster planning are,
there are no motivations for key escrow for _communications_. If the sender
dies, or leaves, or whatever, the company can reconstruct his
communications from _his_ key. Or the receiving side can reconstruct the
recipients messages from _his_ side.

The only party interested in having access to "in transit" communications
are the wiretappers and SIGINT folks. Think about it. No company I can
think of is interested in reconstructing messages from the _actual
communications_, only from the keys of employees. The NSA and FBI, however,
are _keenly_ interested in reconstructing messages from intercepts, of
course, and hence are pushing for escrow of _communications_ keys!

Furthermore, the main worry (for me, at least) is that the government hopes
to get its Clipper IV scheme accepted (by means of export laws) at some
large fraction of important corporate accounts, not the least of which will
be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
in the "infrastructure" business. Once most of these have "bought off" on
GAK, pressure will be intense to universalize the process, to make it a
felony _not_ to use a "Key Authority."

(BTW, I predict that the tainted term "key escrow" is now gone from the
official lexicon. I haven't seen the Clipper IV proposal, but I surmise
that the baggage the term "key escrow" carries means that some more
benign-sounding term will be used in the final proposal. Something like
"Key Recovery System." You heard it here.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."