1997-12-06 - Re: SynData/Schneier Attack Network Associates

Header Data

From: “William H. Geiger III” <whgiii@invweb.net>
To: Wesley Griffin <wgriffin@enslaved.student.umd.edu>
Message Hash: a03496c47b816b3413b5b3db665b70f2fbba0fa0e4be86db411ed06ba12bb118
Message ID: <199712060253.VAA17377@users.invweb.net>
Reply To: <199712052053.PAA14508@enslaved.student.umd.edu>
UTC Datetime: 1997-12-06 03:03:32 UTC
Raw Date: Sat, 6 Dec 1997 11:03:32 +0800

Raw message

From: "William H. Geiger III" <whgiii@invweb.net>
Date: Sat, 6 Dec 1997 11:03:32 +0800
To: Wesley Griffin <wgriffin@enslaved.student.umd.edu>
Subject: Re: SynData/Schneier Attack Network Associates
In-Reply-To: <199712052053.PAA14508@enslaved.student.umd.edu>
Message-ID: <199712060253.VAA17377@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <199712052053.PAA14508@enslaved.student.umd.edu>, on 12/05/97 
   at 03:53 PM, Wesley Griffin <wgriffin@enslaved.student.umd.edu> said:

>> At 11:42 AM 12/5/97 -0500, you wrote:
>> > "The government's key recovery program is a complete violation of the
>> > individual's right to privacy and, in fact, compromises of the system are 
>> > already taking place. This shows that key escrow is an untenable policy," 
>> > said Bruce Schneier, one of the world's leading authorities on encryption 
>> > and author of the book "Applied Cryptography". "SynData is paving the
>> > way for other software developers by taking a stand in opposition to the 
>> > government and companies like Network Associates." 
>> 
>> 
>> By "companies like Network Associates", do you mean "companies who are
>> members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are
>> the "companies like Network Associates", in that regard:  [Note RSA is a
>> Charter Member]

>This statement is seriously confusing Key Recovery and Key Escrow.  They
>are  NOT the same thing.  Everybody knows what Key *Escrow* is and that
>it sucks.   Key Recovery is *very* different in that are no databases
>kept of private keys. The website you mentioned (http://www.kra.org)
>contains some very good info on  how Key Recovery works.  I would like to
>see the source of Schneier's quote  also, because I can't believe he
>could get the two confused.

There is no confusion here. KRAP supports GAK plain and simple. They want
the government to be able to get into everyone's nickers and are actively
working on making this possible (of course with the promise of nice
government contracts and easing of export restrictions).

Key Recovery= Key Escrow = GAK it's all the same thing. Unauthorized 3rd
parties gaining access to your data without your consent and more than
likely without you knowledge.

I think that most on this list would agree that this is a BadThing(TM).

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNIi95I9Co1n+aLhhAQLXogQAnbwCtBzlLC3/NvsHI0YDziJ1a6pyYWp1
QF1j4G5Oy50QZv36E+BagETsGOH2cNw6p0LTCinc//TKuY9TXS94EWftIvROvJHp
x3eeWZMeqtzKn0k/8ABdT6cCXGJ6itoT6DjiDUsU5gZQ/uRCxlEsrxzFgExIkP2t
npwvKpneqLE=
=QqK1
-----END PGP SIGNATURE-----






Thread