From: "Peter Trei" <trei@process.com>
Date: Thu, 7 Nov 1996 11:39:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: (Fwd) Re: Euro Key Escrow
Message-ID: <199611071939.LAA19203@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the SSL-users mailing list.

------- Forwarded Message Follows -------
Subject:       Re: Euro Key Escrow
To:            ben@algroup.co.uk
Date:          Thu, 7 Nov 1996 13:42:16 +0100 (NFT)
Cc:            cypherpunks@toad.com, ssl-talk@netscape.com, ssl-users@mincom.com,
               ietf-pkix@tandem.com, ben@gonzo.ben.algroup.co.uk
From:          um@c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=)

> It is, apparently, true that the EC is considering schemes for key escrow, by
> "trusted third parties"

There is an extensive survey at the European Cryptography Resources page,
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html

The EU commission's group DG XIII has been discussing key escrow for quite
some time, but they have not yet been able to agree on a position.
Jerome Thorel has posted some rather scaring interviews with EU official
David Herson who is in favor of a key esrow scheme. Victor Mayer-Schoenfelder
reports that crpyo regulation is likely to be delegated to the more liberal
DG XV.

A number of member states, such as Denmark, very unlikely to accept key
escrow.

> ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

Ross Anderson has analyzed Mitchell's scheme, drawing the conclusion that
"The GCHQ protocal is very poorly engineered." See
ftp://ftp.cl.cam.ac.uk/users/rja14/euroclipper.ps.Z

> I'm informed that this is likely to be introduced into EC legislation, though
> my understanding is that members are not required to actually incorporate the
> legislation. No doubt France will embrace it with happy shouts.

The final decision will almost certainly with the member states, because
cryptography is considered essential for national security.