why is no one (apparently) worried about escrowed key length limits?
It appears that (from the responses I have gotten on why there are key length limits at all on escrowed encryption) I am not forgetting anything obvious. So why is no one seriously questioning why this limit has to be there for key escrow? One suggestion was: the NSA does not completely trust key escrow. But if the NSA (who should know all the inner secrets of it) cannot completely trust key escrow, then why should WE trust key escrow? Obviously, the implication is that brute force (or "near brute force") methods WILL be used against encrypted transactions. So in the best case, there is some lower strata of law enforcement who are only allowed to use the escrowed path to intercept, but there is also some upper strata of law enforcement (presumably some anti-terrorist or national security section of ATF or FBI or CIA or Secret Service) who will be allowed to use such super-duper cracking methods to achieve their goals (assuming their goals are good). But, if the best case happens, then we're all Ozzie and Harriet (or Archie and Edith), and we should be in a love fest with the government. Obviously we don't competely and blindly trust our government. So why do we allow the NSA to get away with such a policy? "Here is something you can use. We can't completely trust it but it should be good enough for you folks." Ern
On Fri, 24 May 1996, Ernest Hua wrote:
Obviously, the implication is that brute force (or "near brute force") methods WILL be used against encrypted transactions. So in the best case, there is some lower strata of law enforcement who are only allowed to use the escrowed path to intercept, but there is also some upper strata of law enforcement (presumably some anti-terrorist or national security section of ATF or FBI or CIA or Secret Service) who will be allowed to use such super-duper cracking methods to achieve their goals (assuming their goals are good).
This is hardly questionable as the reason for restricted key lengths; if this wasn't the fact of the matter, they wouldn't make it difficult to superencrypt with the same system over and over again, which they do. And "best" case for who? Not I, surely. Simply putting a "national security" clause in this makes the CIA or SS or FBI or ATF or whatever above the law, regardless of the reasons. I certainly don't want these organizations above the law. I remember (well, not really. But I've read about) J Edgar Hoover, and I don't want a repeat.
But, if the best case happens, then we're all Ozzie and Harriet (or Archie and Edith), and we should be in a love fest with the government. Obviously we don't competely and blindly trust our government.
Archie didn't completely and blindly trust the government. Ozzie and Harriet, yes. Edith, probably. Archie, no. (ObGunPunks: remember the episode where Archie got to do the TV editorial about gun control? :-)) Jon ---------- Jon Lasser (410)532-7138 - Obscenity is a crutch for jlasser@rwd.goucher.edu inarticulate motherfuckers. http://www.goucher.edu/~jlasser/ Finger for PGP key (1024/EC001E4D) - Fuck the CDA.
participants (2)
-
Ernest Hua -
Moltar Ramone