Vladimir Z. Nuri writes:
cpunks, a note about recent developments in "key recovery" initiative.
[...]
is the government always going to be your enemy, no matter what they do?
It seems to be bent on doing so.
I have posted here before that many companies find the concept of "key recovery" highly acceptable and even desirable. the basic question is, what does this mean to wiretapping and search warrants and subpoenas?
They get served, and the keys are produced. Same with personal crypto- if I'm in court and some encryped file that I have the key for is demanded as evidence, I provide the key or get hit with contempt of court, my choice. No one is arguing about that. The objections to Clipper III are: 1. built-in wiretapping. Clipper III requires that subjects of "key recovery" wiretaps are not notified of the government's "recovery" of their keys. While this _is_ analagous to phone wiretaps, it is not of anything else. The cops have to serve you a warrant, not sneak in and read the papers in your desk. Why should encrypted files be different? 2. Coercion. I don't see anything wrong with key escrow (original meaning, not GAK). I think it's useful for business. Required for some. It's being coerced to implement it that is distasteful. If you think that Clipper III isn't coercion, you're wrong- note that the licenses to export GAKware are reviewed every 6 months and expire after 2 years if GAK isn't in place. That's a clear "you're on our side or your not" from the government. Having the possibility of your product suddenly becoming worthless every 6 months will keep companies in line. 3. It's still too weak. 56 bit DES isn't enough- it can very probably be cracked in < 12 seconds by the NSA. If not real time. 4. It's the camel's nose in the tent. First "key recovery" then full GAK then penalties/jail time for for "terrorists" or "gang members" who use unGAKd crypto. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF