At 2:53 am -0400 on 9/15/97, Bill Stewart wrote:
Building an infrastructure for a system that has keys generated by users, by the millions, is much harder than building one for a small centralized system.
Which is why I now believe that GAK, of any form, is doomed. It's economically impossible.

For instance, it will be much cheaper to double encrypt to a corporate key ala PGP than to escrow, and so the government may require access to those keys instead. However, even then the cost of key management -- especially for communications -- will choke any attempt to manage duplicate-encryption keys as well. Probably for all but a few kinds of files, like those kept by the people at the tops of large hierarchical organizations. The government, say? :-).

Those few files the government will be able to decrypt will provide a basis for claims of their plan's efficacy, of course, just like noise-level "examples" of welfare helping someone as "proof" of economic efficacy for the welfare state allowed its perpetuation for so many years. But you cannot ignore reality forever, as Britain discovered with welfare almost 15 years ago, and we're only now figuring out for ourselves in the US. Even totalitarianism cannot ignore economic reality, as Russia and China have shown us. Not that capitalism equals freedom, of course, but there can be a sizeable correlation, particularly when your average business is a small one. :-).

However, I think that in the case of GAK, this act of totalitarianism is economically impossible. If GAK's implemented, people may get hurt before it finally goes away, but it eventually won't be useful for much from a national security perspective, and its maintenance costs will eventually choke it.

Actually, it's probably not possible to make even the prototypes physically practicable, much less economically so, even if Washington does pass a law mandating their existence. It would be like passing the 1963 law which formed Comsat, in, say, 1933. Particularly if the use of strong cryptography continues its exponential increase.

That's because the primary economic benefit for deploying the strongest possible cryptography still remains.
You can't do business over the internet without it.

(It has been this central fact which keeps me interested in cryptography and the cypherpunks list in particular, and my conversion over time to a cryptoanarchic world-view has been based on this fact. Oddly enough, I find most of the philosophic and political arguments on cypherpunks to have a largely economic component to them at root, which makes sense, because market reality is just as tangible as physics. Physical reality dictates politics and philosophy, and not the other way around.)

Anyway, you can, however, do business over the net without GAK, and since, I claim, the eventual lowest-cost transaction on the internet will be some form of anonymous digital bearer certificate, it will never be the case that GAK is economically necessary, even under the ruse of enforcing non-repudiation.

In fact, even if all transactions remain book-entry ones, the exploding total transaction volume and competition to make those transactions efficient will make GAK economically impossible, because it provides no tangible benefit to those who use cryptography for business. There's no economic return on the additional cost. The cost of anything is the foregone alternative, and the cost of GAK causes you to forego a lot of money and potential revenue and doesn't buy you anything in return.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/