At 11:10 AM -0700 10/15/97, Eli Brandt wrote:
Non-technical point: the NSA (reportedly) has no intention of using GAK for classified information. They know that it weakens security.
Do the privacy of the nation's data and the security of its information infrastructure deserve the same consideration as the Pentagon's "Confidential" memos? When you're planning to build in a single point of failure, this is a question you have to ask.
This also applies to CMR as well. Whatever the perceived business reasons for CMR, the fact is that it introduces additional failure points. No longer will Alice and Bob be secure that at least there are no "other readers" in the channel between them (what they do with the plaintext after decryption is of course solvable by no technology). And, contrary to some of what we've been hearing, even corporations have continuing needs to know that a communication between Alice and Bob, within a corporation or crossing the corporate boundary, is not being listened to by any other person. Merger negotiations are one obvious example. (There are workarounds, I suppose. CMR could have a "override" switch to turn off the CMR to a second key. But who decides on this? Maybe a signed message from a suitable higher-up? Ah, the complexity. And executives wanting to bypass CMR can and will use other channels. So many of the goals of CMR are out of reach....) Instead of choosing an example where CMR apparently "works," such as Crispin's example of a corporation using CMR to detect (as if it weren't detectable in other ways!) that an employee is operating a porn ftp site from company computers, let me throw out some examples where CMR introduces flaws into a security system. * Andy Grove sends a PGP 5.5-encrypted message to T.J. Rodgers, CEO of Cypress Semiconductor, outlining the plans for Cypress to be acquired by Intel. However, Cypress has implemented CMR, and one of the "second readers" of Andy's message is the cryptically-named (no pun intended) "CCCP" (Corporate Crypto Compliance Police), staffed by security guards and personnel management droids. Major security flaw. (Sure, one can imagine various levels of "second readers." But I rather doubt that most of them will be _offices_, with changing staffs. While one could, for example, designate "Gordon Moore" to be the second reader of all files encrypted to Andy Grove's key, I rather doubt this is the way CMR will play out.) * Craig Livingstone, at whitehouse.gov, is the Key Compliance Officer for all communications entering or leaving the White House. Enough said? * Sheep-dipped cutouts in defense companies await their orders from DoD, but find that other readers in their companies are monitoring them. And so on. "Three can keep a secret if two of them are dead." (Ben Franklin) What will of course happen is that these "security flaws" will be plugged by subterfuge. People will stop using the corporate mail for many such tasks, and will use nonwork accounts. With some loss of efficiency, and even more opportunities for leaks. (If firewalls are in place, on outside net connections, employees can just dial out. Or use Metricom Ricochet modems, if conditions are favorable for reception. Or wait until they go home.) In fact, CMR will mostly just mean bland, interdepartmental messages get "recovered." As I said before, this is a pretty crude way to implement a kind of corporate archiving of information. Truly sensitive stuff--stuff about takeovers, foreign production plans, new products, etc.--will be encrypted with channels having no nosy security guards or Corporate Crypto Compliance Police silently listening in. Which means we're back to square one. So why does PGP, Inc. bother? And why should OpenPGP squander efforts worrying about this? --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."