Declan McCullagh <declan@well.com> writes:
More importantly though, the Blaze et al study (http://www.crypto.com/key_study) did not say that key recovery/key escrow systems can't be built.
In fact it said: "Building the secure infrastructure of the breathtaking scale and complexity that would be required for such a scheme is beyond the experience and current competency of the field." Sounds like "can't be built" to me.
They are right: it can't be built securely. But that's not what the NSA et al are saying; they are saying we can build it if you trust us not to divulge the keys. Clearly they can. Also clearly we don't trust them. The Ames syndrome dictates that sooner or later someone will sell the database or government master key.

pgp5.5, or 6.0 when it comes out, is viable for such purposes. Quite similar to clipper: all you need is for the NSA to publish a public key, and for Clinton to pass a presidential decree that all companies using (the yet to be released) pgp6.0 should add that key to the list of CMR recipients.

People sticking up for CMR (Lucky, Jon Callas, others) say: but you can bypass it. I say so what. You could bypass clipper too; it still didn't make it a good idea. You can be detected when you bypass it. With stiff penalties for companies or individuals for bypassing, and the chance of detection, it sounds viable to me.
So far, neither Soloman, the FBI, nor other mandatory GAK supporters have said that PGP 5.5 or other key recovery products on the market today solve their so-called 'problems'. I don't really expect them to. They seem to want much much more.
I agree that PGP 5.5 doesn't meet the FBI's demand for real-time access.
Why do you think it doesn't meet their demand for real-time access? pgp5.5 supports multiple CMR fields attached to userids on the key. So in a company scenario, that would mean that before the presidential decree, the listed CMR key would be: snoopy@acme.com. After the presidential decree, they would have to list two extra crypto recipients: snoopy@acme.com, and thoughtpolice@nsa.gov.

I think that pgp6.0 (or whatever it will be called) when it is released will allow keys to have multiple CMR key requests attached to userids. This will enable it for real. (pgp5.5, as far as I can understand, only provides support in the GUI for adding one CMR key request per userid.) pgp5.5 already supports multiple CMR key requests per userid in that it knows how to reply to them.

Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`