
At 5:24 PM 11/7/1996, Timothy C. May wrote:
At 6:56 PM -0600 11/7/96, Andrew Loewenstern wrote:
middle men). Weak Crypto (i.e. GAK) does not offer these features because the weak point in the chain becomes a mostly disinterested low-wage employee at the KRC, which is likely to be operated by a foreign government! Any businessman can immediately understand why this is unacceptable, especially with all of the economic espionage stories going around corporate America.
And the GAK advocates have never clarified how an international system will work. Even if one accepts the dubious hypothesis that the U.S. has a noncorrupt, benign government, what of other countries? Is Ghaddaffi the keeper of keys in Libya? How about the military government of Burma?
I can imagine no scheme which could possibly solve this problem. None. The problem of "rogue governments" (and maybe all governments are rogue to at least some other governments) means no simple solution. And the Administration has done nothing to clarify how this will all work.
I cannot speak for the GAK advocates. However, you could establish a system where messages between two countries are encoded with keys which are made available to only the two countries in question. A really simple scheme to do this would be for each country to publish a public key. You would be required to encrypt the key to the message with the national public key. That scheme would be fast to deploy.
In a more complicated and secure scheme, you would be given a public key from each country that was unique for your communications at the same time you were granted your international communications license. The unique public key would be managed by a small group of people. This means that if it was ever compromised, most message traffic would be secure and those who were responsible would be easy to find.
The only way you are at the mercy of the Libyans is if you do business in Libya.
Peter Hendrickson
ph@netcom.com