[you are posting to cypherpunks@toad.com... see: http://www.dcs.ex.ac.uk/~aba/cp.html for where you should be posting -- hint: the address you are posting to is out of date] Wesley Griffin <wgriffin@enslaved.student.umd.edu> writes:
By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard: [Note RSA is a Charter Member]
This statement is seriously confusing Key Recovery and Key Escrow. They are NOT the same thing. Everybody knows what Key *Escrow* is and that it sucks.
You need to understand Newspeak to understand any crypto documents written by the government, or government toadies. To them the key recovery, key escrow are just different PR terms to try to con people into going along with goverment backdoors in crypto software. The key recovery alliance program (KRAP) is a government program to bribe companies into building government backdoors into their crypto programs. The KRAP program requires it's participants to agree to fast track installation of GAK (Government Access to Keys -- master government backdoor stuff) into their software. In exchange for doing this the companies get permission to export ridiculously weak 56 bit crypto instead of even more ridiculously weak 40 bit crypto. They have a 2 year time frame in which to install government master backdoors into their crypto software. And there are reviews of progress made every 6 months -- failure to meet deadlines results in loss of 56 bit export permission.
Key Recovery is *very* different in that are no databases kept of private keys. The website you mentioned (http://www.kra.org) contains some very good info on how Key Recovery works. I would like to see the source of Schneier's quote also, because I can't believe he could get the two confused.
I fully expect Schneier spoke out against KRAP -- the companies involved are government sell outs. This is why people are upset that PGP Inc was just bought out by a KRAP company McAfee (which recently renamed itself to Network Associates). Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`