From: jim bell <jimbell@pacifier.com>
Date: Wed, 9 Oct 1996 19:13:40 -0700 (PDT)
To: "Bert-Jaap Koops" <cypherpunks@toad.com
Subject: Re: Binding cryptography - a fraud!
Message-ID: <199610100212.TAA07954@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:00 PM 10/9/96 MET, Bert-Jaap Koops wrote:
>The text is also available at
>http://cwis.kub.nl/~frw/people/koops/binding.htm.
>
>9 October 1996
>Eric Verheul, everheul@ngi.nl
>Bert-Jaap Koops, koops@kub.nl
>Henk van Tilborg, henkvt@win.tue.nl
>(c) 1996 Eric Verheul, Bert-Jaap Koops, Henk van Tilborg
>This message may only be redistributed in its entirety and with
>inclusion of the copyright notice. Credit if quoting.
>
>_Binding Cryptography, a fraud-detectible alternative to key-escrow
>proposals_
[stuff deleted]

>The idea is that any third party, e.g., a network or service provider,
>who has access to components 2, 3 and 4 (but not to any additional
>secret information) can: 
>a. check whether the session keys in components 2 and 3 coincide; 
>b. not determine any information on the actual session key.
>
>In this way, fraud is easily detectible: a sender that attempts to
>virtually address a session key to the TRP (component 3) that is
>different from the real one he uses on the message (or just nonsense)
>will be discovered by anyone checking the binding data. If such
>checking happens regularly, fraud can be properly discouraged and
>punished.

I am at the same time dismayed and disgusted at the tendency of some people 
to want to "detect fraud" on the part of ordinary citizens, as this paper 
appears to want to do, but says _nothing_ about preventing fraud 
_by_government.  How is the average citizen to know if keys are being given 
out to government agents for valid reasons?

I am further enraged by the last portion of the paragraph above where he 
says, "fraud can be properly discouraged _and_punished_"  Why "punished"?   
Why call it "fraud"?  Why should sending the "wrong" bits become a crime?  
The US government, for example, has repeatedly claimed that key-escrow 
systems should be "voluntary."  Presumably, except for authoritarian and 
totalitarian countries, no other country should force their own citizens or 
others to use any sort of key-escrow/GAK system.

Maybe I'm biased:  I'm a libertarian who believes that sending the wrong 
bits shouldn't be considered a crime.  The problem we have is with the 
politicians, NOT primarily the criminals.  Giving the government the ability 
to punish people merely for sending the wrong bits (absent some other, REAL 
crime) is an enormous step backward.  And if they're guilty of a real crime, 
why bother about the bits?

Even if I believed in GAK, which I don't, I don't think governments or 
anyone else should be able to determine whether the "correct" code is 
included with the data until and unless the government has a valid warrant, 
with protections against government fraud, and has received the correct 
code.  That is the only point at which the government (even arguably) has a 
legitimate reason to know this.



Jim Bell
jimbell@pacifier.com