Why I might want a trusted third party.
Hi, There have been a number of comments on the UK proposals by the DTI to introduce a legal framework for use of trusted thrid parties. I contacted some old friends to find out what the issue really was. I was surprised by the result. First off the proposals are not intended as a Trojan horse for the Clipper chip "or any other colonial scheme". The UK authorities have been fighting terrorists rather longer than the US and the ones they are concerned about have used encryption for a decade. My friend was somewhat concerned that the US administration may have poisoned the water preventing any sensible scheme being deployed. The issue of concern is not private use of encryption but corporate users. Imagine you are a security administrator for IBM or DEC. You probably don't want your employees using absolutely secure email systems that would allow them to post company secrets through your firewall. I used to administer security at a large nuclear installation with an improbable amount of Uranium to hand (several hundred tonnes). Last thing I was going to allow was encrypted communications from the secure area to the Internet. Companies probably don't want to have their LAN completely open to snooping either. Their sysop may be snooping for a competitor as much as for them. For this particular customer the trusted third party concept is quite a good one. They can collect large quantities of information in a manner that avoids the risk of having gathered together a large collection of en-clair sensitive material in one place. Such a company would probably prefer to have the decryption key far away from the reach of their employees, ideally the key would be stored in such a way that even the TTP didn't know who it related to. Basically the DTI proposal clears the way for people to offer this type of service in the UK. They are emphatically not trying to introduce a Clipper chip proposal. Unfortunately what they do propose is clearly a slippery slope to a Clipper situation. If use of TTPs became ubiquitous it might become possible to enforce their use somehow at a later date. I think that this is a remote possibility but one that should raise concerns. If it was merely the UK government that was involved I would have fewer concerns than the current situation. The problem with US policy is that the executive keeps making ignorant and dangerous bids for unlimited power over the Internet and the people seem to have little influence over Congress. There was a tellling episode during the PICs/CDA fiasco when one of the professional lobbyists said "now we need to collect money for the hearings". Basically the governing assumption in DC amongst lobbyists is that you buy your way into hearings with campaign donnations. Crypto has many rich supporters but they tend not to understand just how corrupt US politics are. Phillip M. Hallam-Baker Visitng Scientist MIT Laboratory for Artificial Intelligence. hallam@ai.mit.edu http://www.ai.mit.edu/people/hallam/hallam.html
Phillip Hallam-Baker <hallam@ai.mit.edu> writes:
Companies probably don't want to have their LAN completely open to snooping either. Their sysop may be snooping for a competitor as much as for them. For this particular customer the trusted third party concept is quite a good one. They can collect large quantities of information in a manner that avoids the risk of having gathered together a large collection of en-clair sensitive material in one place. Such a company would probably prefer to have the decryption key far away from the reach of their employees, ideally the key would be stored in such a way that even the TTP didn't know who it related to.
Best argument I've seen for ombudsman key-escrow yet. And yet... surely it would be perfectly feasible to have the commercial key escrow key system set up with the n of m directors and company lawyer holding the key? If they get suspicious they can check on someone, and the rest of the time, no one can read anyone else's messages. In any case, if you were able to find an example of a company who wanted this unusual setup, could they not draw up a contract with a legal firm, or computer security company to achieve something similar. The real problem I have with the DTI document is in `facilitating ecommerce' or whatever the euphamism is for the government bid to have real time access to user keys, they are also outlawing use of unlicensed TTPs. From the document it seems that activities which require a TTP license are key server functionality, CAs (even for only signature keys), time-stamping services, plus numerous other possibilities, by entities which are not licensed TTPs. Then they go on to say they want the market to decide on whether government licensed TTPs are the best solution. After outlawing most other possibilities, and putting legal obstacles in the way of a fast moving technological field.
Basically the DTI proposal clears the way for people to offer this type of service in the UK.
A lot of the proposal discusses outlawing non-licensed alternatives, and timeliness of GAK (government access to keys), surely the way is already clear for encryption companies to offer what they hell they want to offer, to companies who are free to demand what they want.
They are emphatically not trying to introduce a Clipper chip proposal.
How do you describe all the `key recovery', and restrictions on TTPs being interoperable and joining the network if they don't provide GAK? Sounds _exactly_ like a clipper job to me.
Unfortunately what they do propose is clearly a slippery slope to a Clipper situation. If use of TTPs became ubiquitous it might become possible to enforce their use somehow at a later date.
I'm sure this is the plan. CESG is trying to push the CASM architecture for TTPs (CASM is based of the Royal Holloway proposal). CESG already has some `customers' who are legally obliged to use their recommendations: central government. The Health service had to put up much resistance to avoid `the offer you can't refuse' of using Red Pike in Health Service networks. (Why Red Pike anyway? It's a secret algorithm, which is rumoured to be a modification of RC5, which itself is a very new and relatively untested cipher. What's wrong with 3DES?) They plan to work their way out through peripheral government agencies and authorities through the requirement to communicate with central government, and the tendency to go with the government standard and then move on to the public through the services the DTI is discussing providing to the public. Offering the public the opportunity to interact electronically with both local and central government. Along with legislation to make digital signatures binding in law only when signed by keys held in a TTP licensed key server, certified by a TTP licensed CA, they probably figure they can achieve de-facto status, while quietly outlawing enough functionality to make competition possible. (For example running a non-TTP licensed commercial CA or key servers would be a criminal offense.) That's their game plan as I understand it. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (2)
-
Adam Back -
Phillip M. Hallam-Baker