From: Eli Brandt <eli@gs160.sp.cs.cmu.edu>
Date: Thu, 16 Oct 1997 02:24:31 +0800
To: cypherpunks@toad.com
Subject: Re: FCPUNX:PGP Key Escrow and Congress
In-Reply-To: <199710141935.PAA13621@beast.brainlink.com>
Message-ID: <199710151811.LAA23906@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Schneier wrote:
> From: "Barbara Simons" <simons@VNET.IBM.COM>
>
> Some of these are old arguments that we've been hearing for a while,
> but some are newer.  In particular, points 4 and 6 are difficult to
> refute without getting into some technical details.  Both points also
> undercut the argument that a key recovery infrastructure potentially
> weakens security.  After all, the NSA thinks it's secure enough that it
> can be used by the government.

Non-technical point: the NSA (reportedly) has no intention of using
GAK for classified information.  They know that it weakens security.

Do the privacy of the nation's data and the security of its
information infrastructure deserve the same consideration as the
Pentagon's "Confidential" memos?  When you're planning to build in a
single point of failure, this is a question you have to ask.

-- 
     Eli Brandt  |  eli+@cs.cmu.edu  |  http://www.cs.cmu.edu/~eli/