At 8:48 PM 11/7/1996, Timothy C. May wrote:

At 7:20 PM -0800 11/7/96, Peter Hendrickson wrote: ...

...

I cannot speak for the GAK advocates. However, you could establish a system where messages between two countries are encoded with keys which are made available to only the two countries in question.

A really simple scheme to do this would be for each country to publish a public key. You would be required to encrypt the key to the message with the national public key. That scheme would be fast to deploy.

Well, this is not what the proposals for GAK involve. If it were _only_ a matter of each country requiring GAK for communicatons entering its country, then this would be as you describe (not that many of us would approve of it).

What complicates matters is that the U.S. proposes that _it_ keep records/escrows of communications with, say, recipients in Libya. Or Russia, or Burma, or Tazbekinoya. This means automatically that simplistic models ("encrypt to the public key of Tazbekinoya" will not be sufficient).

The U.S. would have to concede this point, and it would be a likely one for it to concede. The reasonable Schelling point for inter-governmental relationships on this matter is for the each government to have access to whatever communications it likes within its borders but that the contents of communications between governments is shared. This could be set up exactly the same way tax treaties are set up now. Technically, this is not hard to do. For instance, I think PGP encrypts messages for multiple recipients by encrypting the same session key with each recipient's public key, and then attaching the same IDEA encrypted ciphertext: <Session Key with Alice's Public Key><Session Key with Bob's Public Key> <IDEA encrypted message> All GAK requires is that you also encrypt the session key with the government's key: <Session Key with Alice's Public Key><Session Key with Bob's Public Key> <Session Key with Eve's Public Key><IDEA encrypted message> For multiple government access to keys, you encrypt the session key with the foreign government's key, too: <Session Key with Alice's Public Key><Session Key with Bob's Public Key> <Session Key with Eve's Public Key><Session Key with Yvette's Public Key> <IDEA encrypted message>

...

In a more complicated and secure scheme, you would be given a public key from each country that was unique for your communications at the same time you were granted your international communications license. The unique public key would be managed by a small group of people. This means that if it was ever compromised, most message traffic would be secure and those who were responsible would be easy to find.

The only way you are at the mercy of the Libyans is if you do business in Libya.

No, I think you are missing the point. The issue about Libya is that the GAK system must make decisions about when and under what conditions it accedes to government wishes--for governments we may be hostile toward.

Or governments may be hostile toward us.

Yes, there is a problem with uncooperative foreign governments who won't prosecute people who send in non-GAKed messages. So, we simply terminate communications with those countries. It's something the government wants to do anyway, so it's not a painful pill to swallow.

As I said in another message, I don't think there can be a unified GAK policy. I believe the U.S. Administration hopes to browbeat enough nations into compliance such that it--the U.S. government--controls which keys are released and which are not. My point about "rogue" governments is that the problems of Burma, Libya, etc. will not vanish. Clearly the U.S. government will not settle for waiting for Libya or Burma to co-release keys....

The scheme I described above does not require co-release of keys. It may be the case that the USG is trying to pull a cypherpunk maneuver on other less sophisticated governments. That is, they are probably telling the other governments, "You've got a real problem here. You will be overthrown if you don't get our help fast with our sophisticated encryption technology! And if you don't let us help, you'll lose most favored nation status." By the time other policy makers figure out the implications of this, it will be too late. Sad for them, but good news for the U.S. consumer.

And nothing in GAK says one gets to communicate with Libyan parties by encrypting with the public key of Libya, thus bypassing the U.S. decryption capabilities!

Nothing stops you from sending fully encrypted messages to Libya except your fear of social disgrace and a long prison term. Peter Hendrickson ph@netcom.com