Bruce Schneier wrote in his newsletter
It seems that every few months we get key-escrow repackaged with a new name. The latest new name is "Private Doorbell," and the spin is that the keys are escrowed in the routers. Other than the name, there's really no difference between this and other key escrow schemes:
Based on the talk by Elizabeth Kaufman from Cisco at the Bay Area Cypherpunks meeting, I'd say you're wrong. (I'm pleasantly surprised; this is the first "compromise" I haven't rabidly disliked.) (Elizabeth says not to blame her for the name, it's Cisco's PR folks' fault.) The Private Doorbells proposal says that routers that encrypt have a clear side and a black side, and if you want to wiretap them, you can already wiretap the clear side, so Louis Freeh should be happy enough (since it meets the "legitimate needs of law enforcement", even though it the blocks no-warrant no-knock wiretaps he'd really like) so just give us the export permits we want and stay off our backs. There's no special key escrow in the routers, it's just doing what encrypting routers do already, and if Big Louie wants to wiretap an ISP today, he can try to get a warrant and then do it. It seems to me that there's a minor catch - routers with multiple private-line encrypted interfaces can decrypt and encrypt traffic without ever hauling it through an Ethernet where it'd be easy to tap, but most of those configurations still have an Ethernet somewhere, and any Bad Guy who's doing encryption at the endpoints ought to be using end-to-end encryption anyway. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639