From: Eric Murray <ericm@lne.com>
To: vznuri@netcom.com (Vladimir Z. Nuri)
Message Hash: 1c6846573592f918cf3a26a53b0ddfe0cbc2158b728a49e1a09d5fb1e5b1bb20
Message ID: <199610040153.SAA24250@slack.lne.com>
Reply To: <199610040033.RAA18660@netcom19.netcom.com>
UTC Datetime: 1996-10-04 05:06:51 UTC
Raw Date: Fri, 4 Oct 1996 13:06:51 +0800
Subject: Re: gack vs. key escrow vs. key recovery

Vladimir Z. Nuri writes:
>
> cpunks, a note about recent developments in "key recovery" initiative.
[...]
> is the government always going to be your
> enemy, no matter what they do?

It seems to be bent on doing so.

> I have posted here before that many companies find the concept
> of "key recovery" highly acceptable and even desirable. the
> basic question is, what does this mean to wiretapping and
> search warrants and subpoenas?

They get served, and the keys are produced. Same with personal
crypto- if I'm in court and some encrypted file that I have the
key for is demanded as evidence, I provide the key or get
hit with contempt of court, my choice.

No one is arguing about that. The objections to Clipper III are:

1. built-in wiretapping. Clipper III requires that subjects of
"key recovery" wiretaps are not notified of the government's
"recovery" of their keys. While this _is_ analogous to phone
wiretaps, it is not of anything else. The cops have to serve
you a warrant, not sneak in and read the papers in your desk.
Why should encrypted files be different?

2. Coercion. I don't see anything wrong with key escrow
(original meaning, not GAK). I think it's useful for business.
Required for some. It's being coerced to implement it that is
distasteful. If you think that Clipper III isn't coercion, you're
wrong- note that the licenses to export GAKware are reviewed every 6 months
and expire after 2 years if GAK isn't in place. That's a clear
"you're on our side or you're not" from the government. Having
the possibility of your product suddenly becoming worthless
every 6 months will keep companies in line.

3. It's still too weak. 56 bit DES isn't enough- it can very probably be
cracked in < 12 seconds by the NSA. If not real time.

4. It's the camel's nose in the tent. First "key recovery"
then full GAK then penalties/jail time for "terrorists"
or "gang members" who use unGAKd crypto.

--
Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF