1996-10-18 - Re: Binding cryptography - a fraud-detectible alternative to key-esc

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: “Bert-Jaap Koops” <E.J.Koops@kub.nl>
Message Hash: 3f12ced8a75e2f34e93cd22e5076726e8c2472bcb42a537c22d3c246fb4b05d9
Message ID: <199610180222.TAA16263@netcomsv.netcom.com>
Reply To: N/A
UTC Datetime: 1996-10-18 02:22:47 UTC
Raw Date: Thu, 17 Oct 1996 19:22:47 -0700 (PDT)

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 17 Oct 1996 19:22:47 -0700 (PDT)
To: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Subject: Re: Binding cryptography - a fraud-detectible alternative to key-esc
Message-ID: <199610180222.TAA16263@netcomsv.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I haven't seen the technical papers behind the postings you've made
to the net, but the overall approach sounds very similar to "Clipper II",
the Software Key Encryption work that the TIS people (Steve Walker?) and
Dorothy Denning were touting a year or so ago.  It wasn't in your references,
and it's clearly close enough to be worth your attention.  The design was
interesting -
it chose a set of public and symmetric key encryption that allows the recipient
to validate the sessionkey-encrypted-to-key-copy-holder*.

A not-highly-technical description of the TIS CKE Commercial Key Escrow
system is at http://www.tis.com/docs/products/cke/present.html,
particularly present9b.html.  It's worth reading for the appalling graphics
alone :-)  I don't seem to have a copy of the technical description anywhere.
<IMG href="http://www.tis.com/docs/products/cke/pres7a.gif">

A major capability that was missing from Walker's SKE work is the ability
to split the copied* key into two or more parts, all of which are need to
recover the session key, while making it possible to validate that the
pieces do add up to the session key.  (This was also missing from the Clipper
chip in hardware, which pretended to do it in the master key setting process.) 
Can you extend the approaches you're using to allow an outside party,
or at least the recipient, to validate that the two parts of the copied key
contain the complete session key? 


[* I'm using the terms "copied key" and "Key copy holder" to refer to the
copy of the key that you're giving to some third party and the third party.
The term "escrow" is generally not applicable to the applications that
transmit a copy of the key to some third party, and the technologies
involved don't specify, communicate, or enforce conditions for access.
TIS's CKE does at least cart around a 32-bit user-defined string for specifying
recovery conditions, but there's not technical enforcement.  ]

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.






Thread