At 12:17 PM -0400 10/22/97, Declan McCullagh wrote:
From my perch in Washington, I see PGP 5.5/CMR as an existence proof that key recovery can be done. So far the crypto-advocates have been able to wave around the Blaze et al white paper that says we don't know how to do it. Even Dorothy Denning agreed. But now when a mandatory GAK bill goes to the House floor, all Rep. Solomon etc. have to do is wave around a shrinkwrapped copy of PGP and say: "I bought this for $19 at the Egghead shop at 21st and L." Details will be lost in the fearmongering.
While I suspect that new key recovery or CMR products may create some new traction for supporters of mandatory GAK, PGP 5.5 is not the first example of such a product (TIS has been marketing key recovery products for a while).

More importantly though, the Blaze et al. study (http://www.crypto.com/key_study) did not say that key recovery/key escrow systems can't be built. It said that such systems designed to meet law enforcement specifications (24/7 real-time access, the infrastructure for key exchanges, and security considerations necessary for such a system to function) are beyond the scope of the field and would create significant vulnerabilities in the network.

This is an important distinction. So far, neither Solomon, the FBI, nor other mandatory GAK supporters have said that PGP 5.5 or other key recovery products on the market today solve their so-called 'problems'. I don't really expect them to. They seem to want much, much more.

Jonah

* Value Your Privacy? The Government Doesn't. Say 'No' to Key Escrow! *
Adopt Your Legislator - http://www.crypto.com/adopt

--
Jonah Seiger, Communications Director (v) +1.202.637.9800
Center for Democracy and Technology pager +1.202.859.2151
<jseiger@cdt.org> PGP Key via finger
http://www.cdt.org http://www.cdt.org/homes/jseiger