Re: So, what crypto legislation (if any) is necessary?
To Jim Bell and "Black Unicorn": I have been following your debate with interest, and would like to re-iterate some points that were made and add some of my own. The concept of encrypting a key before escrowing it is excellent. It prevents the escrow agent from misusing the key, and protects the principal from government snooping. If the escrow agent is served a subpoena, he can say, "Here is the key you want. Go ahead and take it. In fact, here is my entire key database. All keys are encrypted by the principals before I get them, so I can't guarantee that you will be able to use them, but here they are anyway." At this point, the LEO's can take whatever they want, but the principals are still safe. The escrow agent doesn't have to send any encrypted "rosebud" message to anyone, and he can bend over backwards to make the LEO's happy, so his butt is covered, too. At this point, the LEO's can either (a) send the keys to the NSA for decryption, and thereby admit that the gov't can break IDEA (or whatever cryptosystem was used to encrypt the keys before the escrow agent got them), (b) rubber hose the unencrypted key(s) from the principal, or (c) go home and pout. Of course, if you never escrow your keys, you can avoid the whole scenario altogether, leaving the gov't with options (b) and (c). Jonathan Wienke
On Sat, 30 Mar 1996 JonWienke@aol.com wrote:
The concept of encrypting a key before escrowing it is excellent. It prevents the escrow agent from misusing the key, and protects the principal from government snooping. If the escrow agent is served a subpoena, he can say, "Here is the key you want. Go ahead and take it. In fact, here is my entire key database. All keys are encrypted by the principals before I get them, so I can't guarantee that you will be able to use them, but here they are anyway." At this point, the LEO's can take whatever they want, but the principals are still safe. The escrow agent doesn't have to send any encrypted "rosebud" message to anyone, and he can bend over backwards to make the LEO's happy, so his butt is covered, too. At this point, the LEO's can either (a) send the keys to the NSA for decryption, and thereby admit that the gov't can break IDEA (or whatever cryptosystem was used to encrypt the keys before the escrow agent got them), (b) rubber hose the unencrypted key(s) from the principal, or (c) go home and pout.
(d) [which may be a subset of (b)] impose contempt sanctions on the principal until he releases the key to the key. --- My preferred and soon to be permanent e-mail address:unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
-----BEGIN PGP SIGNED MESSAGE-----
(d) [which may be a subset of (b)] impose contempt sanctions on the principal until he releases the key to the key.
Yes, but this will alert the principal not to use that key for future communications. One of the things that the Leahy bill provides for is getting of keys without any of the principals knowing about it. This idea of escrowing encrypted, essentially frustrates that provision of the Leahy Bill. All this talk of voluntary key escrow is essentially fatuous. If Key escrow is truly voluntary then there is nothing to prevent the person escrowing from doing all of the following: 1) Not labelling the key escrow file as a key escrow file, so that the escrow agent does not know that he is an key escrow agent. The escrow agent can be told that he is a data storage agent -- which in fact he is. 2) Encrypting the keys before handing to the escrow agent, and only giving the decryption keys to those who are authorized to break the escrow. 3) Insuring that the escrow agent and those who are authorized to break the escrow are outside the jurisdiction of any court. 4) Using the crypto technique of secret splitting to split the secret of the key among multiple escrow agents in difficult to subpoena countries. - -- Paul Elliott Telephone: 1-713-781-4543 Paul.Elliott@hrnowl.lonestar.org Address: 3987 South Gessner #224 Houston Texas 77063 -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: cp850 iQCVAgUBMV2yf/BUQYbUhJh5AQGyXwP5AeQQXJBr8j4vLv2eXTb6HsffHW72Yguu 1h7pILY8Iomo3/vgo1YuoJEfcIwNJaY5T4VEoLghW2H8mJ9gVQoAYkJXb7tvTyee cBi33OPrNd2SXVYpQ4oF1qnTR+h2mGp9bkf+XQLRRev1jkrdpFYeHsTsP0w6sxLE X+bqsj+57pE= =+LHz -----END PGP SIGNATURE-----
participants (3)
-
Black Unicorn -
JonWienke@aol.com -
Paul Elliott