From: Bill Stewart <stewarts@ix.netcom.com>
To: “Peter D. Junger” <junger@upaya.multiverse.com>
Message Hash: bd32e2797dfcaed1acebf23001c1145efeec6eca3d2454def94cbb77423f0785
Message ID: <3.0.1.32.19970324005655.00627bd8@popd.ix.netcom.com>
Reply To: <199703231301.IAA13505@upaya.multiverse.com>
UTC Datetime: 1997-03-24 09:00:42 UTC
Raw Date: Mon, 24 Mar 1997 01:00:42 -0800 (PST)
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 24 Mar 1997 01:00:42 -0800 (PST)
To: "Peter D. Junger" <junger@upaya.multiverse.com>
Subject: Re: UK to ban free use of crypto?
In-Reply-To: <199703231301.IAA13505@upaya.multiverse.com>
Message-ID: <3.0.1.32.19970324005655.00627bd8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
The document is at http://dtiinfo1.dti.gov.uk/pubs/
At 08:01 AM 3/23/97 -0500, Peter D. Junger wrote:
>After a very quick reading of this proposal I am convinced that all it
>would do if implemented by legislation that follows its recommendations
>would be to forbid those who are in the UK from using an unlicensed
>key escrow services.
>
>It quite clearly does not intend to ban the use of cryptography or the
>publication of cryptographic software.
And Michael Froomkin offers similar sentiments. They're both lawyers,
and I'm not (:-), so they're expected to do a better job of reading
the legal parts of it. On the other hand, the DTI says:
57.The legislation will provide that bodies wishing to offer
or provide encryption services to the public in the UK will be
required to obtain a licence. The legislation will give the
Secretary of State discretion to determine appropriate licence conditions.
and it's got a really broad definition of "encryption services",
including even things such as time-stamping.
The big problem is that the document has a really warped view of the
cryptographic and business services that a "Trusted Third Party"
would provide, and some parts are expressed in quite broad language.
For instance, it implies that the TTP is being trusted with private keys,
otherwise there would be no way for it to recover anything.
On the other hand, from their Q&A:
Q: Will a TTP be able to access an encrypted message ?
A: No. It is important to be clear that it is not envisaged
that the encrypted communication would be routed via the TTP.
Nor will the TTP encrypt the message, it will merely assist
(depending on the service offered) in the very complex area of
key management or Key Certification.
If the TTP is not encrypting the data, they don't need the secret key
or your private key. They DO need your public key, to sign it,
so a second party can trust that a key they have is really yours.
But you and the second party can use the signed keys to exchange a
secret session key, or to sign documents, without the TTP's help.*
So their primary description of what a TTP would do does not involve escrow.
Keys are used for three things - communications, signatures, and storage.
As discussed above, for communications, the TTP doesn't need your private key,
and there's no business need for anyone to have the keys to decode a
communication unless they already have the cyphertext. Business applications
that do require a third party to have a copy of your _message_ can be
met by sending them a copy of your message, encrypted with their key,
and the document explicitly says it's not talking about them.
Similarly, cell-phone companies are providing encryption and routing,
so this document claims not to be about them, though it regulates them.
The only third parties who need just the session key itself are
eavesdroppers and forgers, who are Untrusted Third Parties.
For signatures, there's also _never_ a need for the third party to
have the private keys - the function you Trust the Third Party to do
is to certify that the holder of the key either is who he claims to be
or has the permissions he claims to have (e.g. to write purchase orders
or sign contracts for Company X.) And the document even states that
"There is, of course no intention for the Government to access private keys
used for only integrity functions."
The main time you want another party to have a copy of your keys
is for stored data: to cover the "employee dies" case
(the document explicitly permits companies to handle their own keys
without regulation, so no TTP is needed here), and the
"you die, and your family digicash is in your encrypted file system" case,
for which you can give a copy of your key to your spouse or solicitor,
or keep it on a floppy in your bank safe deposit box, all of which cases
are presumably covered by current law in the UK just as they are in the US.
SO - what _is_ all this malarkey about "legal access" and "key recovery"
and "key escrow" systems? The document claims repeatedly that it's not
purporting to regulate any of the conditions under which a Third Party
would ever be Trusted with the keys you actually encrypted something with.
There's a whole lot of material about restricting who can be in the
business and offer these services, seemingly designed to either
restrict the emergence of new services or to be later expanded to cover
other parts of the encryption business, such as supplying encryption software.
And it's very unclear about whether it covers the encryption services
used in inter-corporate projects such as Mondex - as a stockholder and
customer of some of those companies, this concerns me.
In particular, the expansion appears to be targeted specifically at the
UK end of the Stronghold Apache-SSL web server, Adam Back's RSA Munitions
Shirts,
the PGP and Crypto Software distribution site at Oxford, and Ross Anderson.
[*There are non-public-key systems where the TTP handles the secret keys,
but they're typically older or specialized military or banking systems,
where the TTP isn't an independent party, and are generally superseded by
public-key systems now that the technology is practical.]
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
Return to March 1997
Return to “Bill Stewart <stewarts@ix.netcom.com>”