From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 25 Feb 1997 07:15:08 -0800 (PST)
To: Toto <toto@sk.sympatico.ca>
Subject: Re: Clipper article in  Cu Digest, #9.10, Wed 20 Feb 97
In-Reply-To: <3.0.1.32.19970221091636.00639720@popd.ix.netcom.com>
Message-ID: <3.0.1.32.19970224182039.00625ce8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:44 AM 2/22/97 -0800, Toto wrote:
>Bill Stewart wrote:
>> >  DOD has for years pressured civilian agencies to use government 
>> >  escrow technology, but the agencies were wary of the law 
>> >  enforcement access.
>> >  Stephen Walker, president and chief executive officer of Trusted
>> >  Information Systems Inc. (TIS), said the policy will remove the 
>> >  last remnants of the Clipper and serve as an official endorsement
>> >  of key recovery technology.
>  So now civilian agencies should 'not' be wary of key recovery?
>  If the DOD recommended breathing, I'd stop.

It's nice to know that the NSA's own government hasn't trusted Clipper
enough to widely adopt it, and I was as impressed as you were with
Walker's sleaziness...  Either the civilian Feds don't believe the 
"legitimate needs of law enforcement" apply to them, or they don't trust 
the spooks to handle their keys carefully, or (more likely) there aren't
any Clipper products that really meet their operational needs.  

Back when the STU-III was still called the "Future Secure Voice System"
the DoD was telling manufacturers they'd probably sell 500,000 of them,
between the DoD unclassified work, law enforcement users, defense 
contractors, and similar riff-raff.  I don't know how many were actually 
sold, but I'd be surprised if it's a tenth of that; the government
was too cheap to spend $2-3K per box for that many users.

"Key Recovery" is a broader and sleazier term than "key escrow";
it doesn't force you to buy a specific espionage-enabled product,
as long as you can demonstrate to the government that they can break in.
Rot13 and RC4/40 inherently provide key recovery (:-),
and DES presumably does (using NSA custom hardware).  
But PGP also gives you key recovery - just Cc: your Trusted Third Party 
whenever you encrypt something......  (Hmmm.  I don't trust the
Democrat or Republican Parties - guess that leaves the Libertarians? :-)


P.S. On breathing - that's not DoD jurisdiction; the FDA regulates oxygen ...

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)