At 14:06 -0400 10/22/97, Jonah Seiger wrote:
While I suspect that new key recovery or CMR products may create some new traction for supporters of mandatory GAK, PGP 5.5 is not the first example of such a product (TIS has been marketing key recovery products for a while).
Of course TIS has been doing this forever. But TIS, a shop staffed by former NSA spooks, is not the PGP that Phil Zimmermann founded. For PGP to release such a product changes the political dynamic in important ways.
More importantly though, the Blaze et al study (http://www.crypto.com/key_study) did not say that key recovery/key escrow systems can't be built.
In fact it said: "Building the secure infrastructure of the breathtaking scale and complexity that would be required for such a scheme is beyond the experience and current competency of the field." Sounds like "can't be built" to me.
So far, Soloman, the FBI, nor other mandatory GAK supporters have said that PGP 5.5 or other key recovery products on the market today solve their so-called 'problems'. I don't really expect them to. They seem to want much much more.
I agree that PGP 5.5 doesn't meet the FBI's demand for realtime access. But it can be used as a waving-around-on-the-House-floor prop to pass a law that requires mandatory key escrow. -Declan