1997-09-05 - Key Recovery is Bad for US Security

Header Data

From: Bill Frantz <frantz@communities.com>
To: cypherpunks@toad.com
Message Hash: 3b5384b5e1c68d6ecbd520ef4179f686597e1ec58a1f36706cd278761bc8bc0f
Message ID: <3.0.32.19970905103052.00700338@homer.communities.com>
Reply To: N/A
UTC Datetime: 1997-09-05 18:05:27 UTC
Raw Date: Sat, 6 Sep 1997 02:05:27 +0800

Raw message

From: Bill Frantz <frantz@communities.com>
Date: Sat, 6 Sep 1997 02:05:27 +0800
To: cypherpunks@toad.com
Subject: Key Recovery is Bad for US Security
Message-ID: <3.0.32.19970905103052.00700338@homer.communities.com>
MIME-Version: 1.0
Content-Type: text/plain



Here is a copy of an email I sent to the senior senator from California
this morning.

Senator Feinstein:

I am extremely disturbed to read your comments in favor of mandatory "key
recovery".  Besides being a disaster for American software companies, and a
clear violation of the constitution's protections of freedom of speech,
these systems are harmful to the security of the United States.

All cryptographic systems are extremely difficult to get right.  The SSL
protocol developed by Netscape Inc., which doesn't provide for "key
recovery", went through three versions before the major problems were
removed.  "Key recovery" systems are, as Professor Dorothy Denning
testified, much more complex than similar systems which do not include that
feature.  In fact, the key recovery system built into Clipper, with the
advice of the National Security Agency, had flaws as documented by Matt
Blaze of AT&T Bell Laboratories.  If the best cryptographic group in the
world can't get it right, how can we expect these systems to be secure.

What do we risk with insecure systems?  We risk compromising the legitimate
secrets of non-classified government agencies, including IRS records;
United States companies, including delicate international negotiations; and
individual Americans, including their medical records.  Even worse, if some
group should decide to launch an information war attack on the United
States, these flaws may allow them to access sensitive systems in the
finance, transportation, and energy sectors.  One simple way this attack
could occur is if the access codes are distributed using a flawed
encryption system.

I hope you will reconsider your stand on this issue.

William S. Frantz
16345 Englewood Ave.
Los Gatos, Ca 95032

Capability Security Architect - Electric Communities


Bill Frantz                                  Electric Communities
Capability Security Guru                     10101 De Anza Blvd.
frantz@communities.com                       Cupertino, CA 95014
408/342-9576                                 http://www.communities.com






Thread