Jim Clark spoke last November in favor of GAK

Here are Jim Clark's comments in favor of GAK. It should be emphasized that since then, Netscape has officially clarified its position against GAK, and that the actions of the company speak loudly of their support of strong crypto. Nonetheless, these comments were made for the record, so let the record show:

... [Segue from a brief explanation of public key cryptography and certification authorities]

So, this is a sophisticated enough system, but you run into a problem. I mean, it all works perfectly. Assuming there's no compromises in the basic... Assuming there's no holes in the operating system, or no other ways of getting into the computer that's doing all this stuff, then you've got a system that's bulletproof. That's the problem. The government doesn't want it to be bulletproof. And the reason they don't is they want to be able to get access in cases of where there's national security issues or such, they want to be able to get access to your private communications. But you can break that into two parts. There's one area that they don't care about. And that area is if you cannot possibly send an encrypted message to someone... Let's take as an example, you're doing a financial transaction. If that transaction can only... If that communication can only be used to do a financial transaction, such as move money from A to B, or doing a wire transfer of funds, the government doesn't care about that. Uh, maybe they do, but the point is that's not the kind of communication where you're going to possibly say I'm going to blow up the World Trade Center, or some such thing. That's where they're worried. But this whole process leads to a set of questions about how you protect this data encryption technology - how you make it usable in a way that the government finds acceptable, and that you as the individual or you as the corporation find acceptable. And I've been thinking about this a lot.
It's clear that this notion of issuing someone a bulletproof key, that is, that create their own private key where they can do any arbitrary communications via email to anywhere in the world with no restrictions and no one can possibly eavesdrop. It's clear to me that that is not going to happen. And the reason it isn't is that the governments of the world aren't going to let it happen. So you might as well sort of accept that at some level the government is going to be able to overhear or eavesdrop certain aspects of what you do. But as I said, the financial aspects, pure financial transactions, not general purpose electronic communications, but pure financial transactions, they really don't care. That isn't what they're trying to eavesdrop. They just want to be able to hear if you're planning on doing some illegal activity. And therefore this idea of key escrow comes up and that's what this chart, this thing is about. Key escrow. For the government, you know your private key, but also the government knows your private key. (now, you can, and so) That's one way to do it. They can always know your private key. You know, you've got a problem with your company too. (but, you know) Most companies are trying to protect the interests of the company and the shareholders, and that means that companies, (I mean I know it, but) I'll bet every single one of your companies has a mechanism to allow them to listen to your email or your voicemail or look at some of that stuff at some point in history because you might be doing something that compromises the interest of that company, illegally. So, even there, you need some mechanism to allow a corporation or the government or someone to be able to get access when they absolutely have to. That's the rub. When is, when do you absolutely need that kind of access? We'd all like to think it's as rarely as possible, and hopefully, never. But I think that these public key cryptosystems have to accommodate that kind of need.
They have to allow people in governments to be able to access it. (I, I mean) I just came back from Europe. And, you know, we're allowed to export only the 40-bit version of our product into those countries. Well, I can assure you that's not satisfactory from those (companies') countries' point of view. Companies and the countries of Europe, Germany, France, the UK, want to be able to have just as secure communications as we can have inside our country. Because it's not to do illicit things, it's to protect business secrets, so if they're going to use the Internet for generalized communication they want to be able to protect their generalized communication - against corporate espionage. And that's a very, very valid requirement. And so, I think we're taking the wrong solution if the way we're going to protect information is just to make the keys easier to break, to make the lock easier to break. We have to find a better way. That means you need long keys, you need to have them be bulletproof, but there needs to be some sort of access, and that's where the idea of key escrow comes. But I think the key escrow idea is a little bit wrong, because I think what you really need is the ability to... Think of it this way; if I've got a lock, my key will open the lock. But I may want to have another keyhole, where someone else's key will open that lock as well. That other key might be the government's key. It might be the key of my corporation if I'm doing corporate business. (but) Or for example, you might have a health record, you know, a medical record. You want to protect that. That's your private information. But what happens when you're disabled, and there's an emergency you need to get access to your health data, then there needs to be a keyhole to allow people to open the lock in that case too. So there's a kind of a different concept or a different mechanism - multiple keys opening a lock, for example.
There's one potential way, and what we need is an electronic equivalent to that, I think these things will come along very shortly. You might also want to have unanimous, all keys have to be inserted into the lock, kind of like the infamous red button that launches missiles. The president and several other people have to have access to it. This is the general concept, and I think that's what we're going to have to have in a data security sense. So, I have spent some time talking about the company Netscape, a little bit about security in general...

Transcribed from: DCI Email World and Internet Expo held in November 95 in Boston. DC9523 session 100 - Security on the Net. Tape is available from Conference Copy Inc. http://www.confcopy.com/TAPES