With friends like these...

I just read www.crypto.com/key_study. I was not impressed. In fact, one thing worries me a lot. I think the report basically sells us out.

The authors, Hal Abelson [1], Ross Anderson [2], Steven M. Bellovin [3], Josh Benaloh [4], Matt Blaze [5], Whitfield Diffie [6], John Censor Gilmore [7], Peter G. Neumann [8], Ronald L. Rivest [9], Jeffrey I. Schiller [10], Bruce Schneier [11], include many "respected" "experts". Some of them, like Blaze and Diffie and Schneier, are people who act like they're on our side. But... Benaloh works for Microsoft and Rivest for Bidzos. Two from AT&T. One from HP. One from Sun. The influence of big money was clear. They want what's good for the big companies.

The report endorses pro-code/safe, which effectively criminalizes the use of crypto and would outlaw remailers. It's true that they say key recovery is a bad idea (not that it's unacceptable, however, just a bad idea, not nearly as strong as it could be). The reason they give is that they think it may be too expensive for corporate America. What they don't say is far more interesting:

They don't say that key escrow is unacceptable, period.

They don't mention the big brother problem.

They don't talk about the long history of government abuse (FBI, CIA, NSA, etc).

They conveniently leave out ALL the libertarian issues about how key escrow makes the government bigger and more powerful.

They just seem to care about what it costs. And these are our friends?

Now let's look at who benefits from this point of view. Criminalize crypto, outlaw remailers, no expensive key escrow. It SOUNDS good, at least a small gain, but this gives them a real tool AGAINST us. They can come after crypto users for the first time. Who benefits? BIG companies. NOT CYPHERPUNK GOALS. By not mentioning it, I think these guys have sold out. They may not realize it themselves, but the effect is just as bad (maybe worse).

CDT, which brought us the CALEA and the CDA, funded the study. They no doubt were able to influence the content to get rid of the "unacceptable" stuff. We should be asking who our friends are here. I think if these guys really wanted to be effective, they could take more of a real stand, with some real risks. Have ANY of these guys ever written code to promote strong crypto? Schneier wrote a book, but charges for his services. I don't think they have been "bought" or are working for the other side, I just think we should be realistic about who the "experts" are really working for - their own pockets and their big employers.

KEY ESCROW IS UNACCEPTABLE, PERIOD. No matter what the cost. No matter how safe. No matter what.

I think we should respectfully ask them to clarify where they stand.

Mr experts, <hal@mit.edu> <ross.anderson@cl.cam.ac.uk> <smb@research.att.com> <benaloh@microsoft.com> <mab@research.att.com> <diffie@eng.sun.com> <gnu@toad.com> <neumann@sri.com> <rivest@lcs.mit.edu> <jis@mit.edu> <schneier@counterpane.com>

Do you stand for the criminalization of crypto? Is there anything wrong with key escrow other than the cost? Why is your report so weak?

Huge Cajones Remailer writes:
> I just read www.crypto.com/key_study. I was not impressed. In fact, one thing worries me a lot. I think the report basically sells us out.

[shitload of FUD deleted]

Is there something important coming up that we should know about? Something big enough to make the FUD-mongers want to distract us?

The main lie in this message was that the report endorses safe/pro-code. It does not. It doesn't even mention them.

--
Eric Murray ericm@lne.com Privacy through technology!
Network security and encryption consulting. PGP keyid:E03F65E5

Yes, these are our friends. They are attacking key recovery where it's being sold; namely to companies. And the report is damned effective at selling companies that 'the best cryptographers in the world' oppose this. It's been very useful to me for that already.

Adam

| just a bad idea, not nearly as strong as it could be). The reason they give
| is that they think it may be too expensive for corporate America.
| What they don't say is far more interesting:
|
| They don't say that key escrow is unacceptable, period.
|
| They don't mention the big brother problem.
|
| They don't talk about the long history of
| government abuse (FBI, CIA, NSA, etc).
|
| They conveniently leave out ALL the libertarian issues about how key escrow makes the government bigger and more powerful.
|
| They just seem to care about what it costs. And
| these are our friends?

--
"It is seldom that liberty of any kind is lost all at once." -Hume

At 06:31 PM 6/9/97 -0400, Adam Shostack wrote:
> Yes, these are our friends. They are attacking key recovery where it's being sold; namely to companies. And the report is damned effective at selling companies that 'the best cryptographers in the world' oppose this. It's been very useful to me for that already.

Yeah. They don't need to attack on the libertarian issues - not only have they done that already (:-), but that's a political belief, and their report is addressing the business issues that the government is trying to use as a crowbar to get government access wedged into the public's key management and crypto systems.

If Clipper 3 and Clipper 4 are bad technically, and bad economically, businesses won't widely adopt it and push it on the public, and they won't buy it enough for mass-market economies of scale to kick in the way they do with MSDOS or SSNs-as-credit-identifiers.

Addressing the obvious blatant civil liberties bogosity of the Clipper N programs is a job for a different audience, and for speakers with a different set of hats on - you wear the technical hat to say "Clipper N is broken technically", as Matt Blaze et al. did for Clipper 1, and you wear the respected-technical-consultants-to-business hat to say "You can't trust this system with your money or trade secrets", and you wear your civil liberties hat to say "Stop Big Brother!". Our friends here are addressing the business audience, so they're wearing the business-related hats.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)

participants (4)
- Adam Shostack
- Bill Stewart
- Eric Murray
- nobody@huge.cajones.com