Message-Id: <9308020407.AA26817@longs.lance.colostate.edu> To: cme@ellisun.sw.stratus.com (Carl Ellison) Subject: Re: Sterilized medflies of crypto Date: Sun, 01 Aug 93 22:07:21 -0600 From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
By "milking the algorithm talk", I'm talking about getting everybody to look at the algorithm which might easily be secure and ignore the weakness: the registration of keys.
I don't care about the algorithm. I care about registration. That's what I want to see people/press/citizens outraged about.
amen. Sorry you didn't elaborate on this on the list.
OK -- here's my replies for the list.
The whole Key Escrow thing is totally ill conceived. It is clearly not the underlying point of the proposal. They don't name the entities. Denning comes up with some strange explanation of laptops in a vault shortly after the announcement. It is so transparent it is pathetic--but unfortunately the issue is largely framed as `who will be the agencies' in many places so far...
I believe key registration is the *whole point* of the Skipjack proposal. This is the first time in the history of cryptography, as far as I can tell, when a government has tried to interfere with the private citizenry's ability to use strong cryptography -- and they're doing it strictly through key registration. However, being clever folks, they have added a strawman to the proposal. They proposed an NSA-designed algorithm -- something people would fight in such a way that the government could hopefully turn around and call the opponents paranoid and get the public to believe the gov't, writing off the opposition. Look back at the original announcement. The gov't said, in effect, 'if you don't like to use NSA's algorithm, you're free to design algorithms of your own provided they permit key escrow.' Then they left that as a note -- an aside -- and proceeded to take on all comers w.r.t. the Skipjack algorithm. I say: don't fight their strength, even if it's flawed. It's a tar baby at best. We should fight the only thing which matters: key registration. What's important about key registration, to me, isn't the details. It's the philosophy. This is the first time in the history of the world that the government has laid any claim at all to a citizen's cryptographic keys. The government has never had a right to private keys. The private crypto users have always had strong crypto. The government should never have the right to private keys. Private crypto users should always have strong crypto in the future. - Carl