1997-10-24 - Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: kent@bywater.songbird.com
Message Hash: 530e1e78ef54f9ef33676cfbb933e8698251350189d1b12a1517ba26d5111bfd
Message ID: <199710241403.PAA01514@server.test.net>
Reply To: <19971022174848.58494@bywater.songbird.com>
UTC Datetime: 1997-10-24 15:35:49 UTC
Raw Date: Fri, 24 Oct 1997 23:35:49 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 24 Oct 1997 23:35:49 +0800
To: kent@bywater.songbird.com
Subject: Re: puff pieces vs tough crypto issues (Re: Singapore TOILET ALERT)
In-Reply-To: <19971022174848.58494@bywater.songbird.com>
Message-ID: <199710241403.PAA01514@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Kent Crispin <kent@bywater.songbird.com> writes:
> Declan writes:
> > I agree that PGP 5.5 doesn't meet the FBI's demand for realtime access. But
> > it can be used as a waving-around-on-the-House-floor prop to pass a law
> > that requires mandatory key escrow.
> 
> They could wave around TIS's products (designed by noted cypherpunk
> Carl Ellison, I believe), or NorTel's Entrust, just as well.  Hell, in
> a few months they may be able to wave around Adam Backs CDR product,
> which also facilitates GAK -- access to communications is worse than
> access to data, by some measure, but the LEA's will certainly be
> grateful to Adam for his legitimization of Key Escrow... 

I think there is a large difference between storage key recovery and
message key recovery.  Also a difference between message key recovery
and including information with the message allowing it to be recovered
by fourth parties.

Yes, governments would like to come take your disk, but they've got to
come and get it first.  And when they get there they may find you are
not using GAKked keys on your disk encryption.  They won't know until
they try.  With email GAK and recovery info with the email, they can
tell from remote snooping if you are cheating.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread