At 12:02 AM 2/23/96 -0800, Bill Frantz wrote:
At 11:16 PM 2/22/96 -0800, Timothy C. May wrote:
And we should all remember, again, that basic observation: even if "key escrow" is needed to recover *stored* files, it sure ain't needed for *communications*!!
If a key is being generated for two way communications, then it should be generated via a protocol like Diffie-Hellman which leaves no recoverable knowlege of the key outside the participants, and discarded when the session is over of frequently, whichever occurs more often. This procedure will reduce the incentive for rubber hose attacks to recover these keys.
I noted long ago that one disadvantage with having a single, standardized encryption chip (like Clipper, even with the key-escrow un-enabled) is that the NSA has plenty of money in its budget to build a fake chip that can be installed during a black-bag job. True, if they could fake one chip they could fake 10, but it's harder to do and the demand for any single kind of chip might drop to one per year. Unfortunately, a sufficiently-complex FPLD would probably sub for anything if it were in the right package...