
Bruce Schneier wrote:
From: "Barbara Simons" <simons@VNET.IBM.COM>
Some of these are old arguments that we've been hearing for a while, but some are newer. In particular, points 4 and 6 are difficult to refute without getting into some technical details. Both points also undercut the argument that a key recovery infrastructure potentially weakens security. After all, the NSA thinks it's secure enough that it can be used by the government.
Non-technical point: the NSA (reportedly) has no intention of using GAK for classified information. They know that it weakens security. Do the privacy of the nation's data and the security of its information infrastructure deserve the same consideration as the Pentagon's "Confidential" memos? When you're planning to build in a single point of failure, this is a question you have to ask.

-- Eli Brandt | eli+@cs.cmu.edu | http://www.cs.cmu.edu/~eli/