Quoting: "Vladimir Z. Nuri" <vznuri@netcom.com>
I tend to agree with Clark in only one regard: the government is going to get into the key storage/retrieval business in some form or another eventually & inevitably; it's just not stoppable.
Well, I would tend to disagree. If PGP weren't out, you might conceivably have a point. Given that it is out, are you suggesting that the NSA would be able to make all copies of it go away? And all copies of PEM? And everyone else's encrypted Email programs including all those available from many other countries? Shutting down the Internet completely wouldn't be a sufficient measure to make that happen.
the aspect that is up for grabs is whether these systems will be *mandatory* for all private communication.
I remember some clear statements that this is the goal, as should be obvious, since any smaller goal doesn't make any sense.
here's a quick idea. the post office is getting into certification authorization come hell or high water (ETA summer, 96). now, frankly I think this is a good thing. someday we will need some kind of legal agency to deal with citizen keys, so that we could have cryptographic dealings with federal agencies such as the motor vehicles department, etc.
Well, I don't know why a government agency that calls itself a non-government agency one minute and hides underneath special government monopoly privileges should be given yet another special privilege, but anyway... yes, clearly at some point we will need certification that will make digital signatures useable. However, that has NO connection with GAK, and in fact is a strong argument against it. If the government has access to my keys, then why should anyone trust my signature? Conversely, certification for digital signatures involves making statements about the validity of PUBLIC keys, and imposes NO requirement on private keys.
paul