RE: binding cryptography
Ulf Moeller[SMTP:um@c2.net] wrote:
: liberal (Japan) to non-liberal (France). We believe that "binding
: cryptography" is flexible enough to achieve this: a liberal crypto
: policy might use no Trusted Retrieval Parties at all, while a very
: non-liberal country might want one (government controlled) TRP, a
: compliance check on all network traffic and a ban on other crypto.
I doubt that even French internet providers would want their routers to perform six modulo exponentiations and four modulo divisions whenever someone opens a secure socket...
They could, however, take random checks which could also be performed off-line (after the connection was established or even already finished again). Remember we called it fraud-*detecting* not fraud-*preventing*. BTW, some people on the cypherpunks list seem to think that you can't commit fraud with a *voluntary* system. However, that is possible: when you do not comply with the *agreed* rules of conduct then the phrase "fraud" is appropriate. The same holds, for instance, when you make copies of Microsoft Word and resell them. Then you don't comply with the rules that you voluntarily agreed to when buying it...
We offered a solution for the *first* task not for the *second*; the point is that criminals(!) do not gain any real advantage from using the system in that way as they - among other things - still face the key-management problem. The above discussions are only relevant in countries where the use of crypto outside the structure would be prohibited.
Of course, criminals do get real advantage from this system. They can use strong encryption for their messages and super-encrypt them using "binding" cryptography. So their illegal messages look perfectly innocuous as long as their government trusts in the "binding" property of this scheme. Only when the GAK key holder tries to decrypt a message, they notice that they cannot read it.
I agree, that is inevitable.
Can you imagine that anyone would ever create a program that tries to look like a conforming implementation, but generates invalid "binding" data -- when it is so much easier to simply use PGP, and (if necessary) disguise that fact using the government-approved encryption software? I don't, so in my opinion the verification process is absolutely useless.
Can you imagine what would happen if governments would (help to) set up a system that has no safeguards at all, i.e. that could give criminals all the anonymity and confidentiality they need? Governments probably can't prevent criminals and the like from using encryption to stay out of sight of law enforcement agencies, but they should not facilitate them either. In the next few years all kinds of "standard" commercial software will come on the market with all kinds of standard security in it. I don't want criminals to be happy with Custom Off The Shelf products for security, let them work for their security.
One might say, binding cryptography, like several other cryptographic protocols, is a nice 'solution', but one with no corresponding 'problem' in the real world. :) It doesn't help in legitimate law enforcement, but it causes trouble to network operators and it deprives law-abiding citizens of their privacy.
We have set up the TRPs in such a flexible way that anybody could find one he can trust, one might even set up his own TRP. Also in the paper we describe how two or more TRPs could be used. Maybe some countries don't want TRP at all. The bottom line is that law-abiding citizens always have to give up some of their freedom to stop criminals (that is why you have to have registration plates on your car, a lock on your car, bicycle, house etc.). That is a fact of life; one I hate. So the point is: where is the middle of giving up freedom and stopping criminals? Well, I think that our concept gives a flexible way of implementing any national middle. I agree with some of the posters to cypherpunks that governments involve the general public too little in the determination of this middle (some posters said it more strongly). Cryptopolicy is not a binary discussion; although some posters on this list seem to think so.
And criminals don't face "the key-management problem". In any GAK scheme, the official keys can be used to certify other un-escrowed encryption keys. Binding cryptography makes it just a little easier, because there is no need to create any "illegal" key pairs. Everyone can encrypt messages using the government-certified ElGamal keys, and then repeat that process, this time including the data required for government access.
that use of other systems will always be possible. Also, the above discussions already showed that if such a system is voluntary, then there are lots of ways to go around it.
Criminals will always find ways around these systems -- even if they are mandatory. Just those who actually "have nothing to fear", will not take the risk of using illegal encryption. So governments can wiretap law-abiding citizens, but not criminals. What use is a system like that?
You are absolutely right. However, as said above if governments (help to) set up a security system then they should at least attempt to make criminal abuse difficult. The lock on my bicycle is not really 100% either (as I found out quite too often); if I'd no lock at all I would have a lot more problems. Also, I am *not* for a mandatory system.
Best regards, Eric
In list.cypherpunks, everheul@NGI.NL writes:
BTW, some people on the cypherpunks list seem to think that you can't commit fraud with a *voluntary* system. However, that is possible: when you do not comply with the *agreed* rules of conduct then the phrase "fraud" is appropriate.
If the system is *voluntary* and I do not *agree* to participate, then I *cannot* be breaking any "rules".
Can you imagine what would happen if governments would (help to) set up a system that has no safeguards at all, i.e. that could give criminals all the anonymity and confidentiality they need? Governments probably can't prevent criminals and the like from using encryption to stay out of sight of law enforcement agencies, but they should not facilitate them either. In the next few years all kinds of "standard" commercial software will come on the market with all kinds of standard security in it. I don't want criminals to be happy with Custom Off The Shelf products for security, let them work for their security.
Which they will, and presumably already do. Therefore, your proposal does not and cannot hamper criminals. Therefore, your proposal only hampers law abiding citizen-units' access to uncompromised crypto. No institution can expect compliance from a sector of society that, by definition, does not agree to or follow the social contract. Therefore, any and all such attempts to do so must be for the purpose of controlling those citizen-units that do abide the social contract. To claim otherwise is absurd.
The bottom line is that law-abiding citizens always have to give up some of their freedom to stop criminals (that is why you have to have registration plates on your car, a lock on your car, bicycle, house etc.). That is a fact of life; one I hate.
Registration plates do not "stop criminals". Locks do not "stop criminals" (although they might slow a criminal down). Neither will compromised crypto "stop criminals". But all the above impinge on my liberty. Am I to give up yet another freedom?
--
Roy M. Silvernail [ ] roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey@scytale.com
Ulf Moeller[SMTP:um@c2.net] wrote:
Can you imagine that anyone would ever create a program that tries to look like a conforming implementation, but generates invalid "binding" data -- when it is so much easier to simply use PGP, and (if necessary) disguise that fact using the government-approved encryption software? I don't, so in my opinion the verification process is absolutely useless.
Can you imagine what would happen if governments would (help to) set up a system that has no safeguards at all, i.e. that could give criminals
You mean like Cash? The (in the US) green stuff that can be transferred with _no_ ID? That you can use to go down to the local convenience store and get a money order with to send across state lines thru the US mail? Nah. Can't imagine what would happen with something like that.
all the anonymity and confidentiality they need? Governments probably can't prevent criminals and the like from using encryption to stay out of
You could have stopped before the "and".
don't want TRP at all. The bottom line is that law-abiding citizens always have to give up some of their freedom to stop criminals (that is
No, you DON'T have to. Laws make criminals, and Laws restrict freedom. Any law put into place to _prevent_ crime actually does the opposite. In what, 1907? Congress criminalized certain drugs (cannabis & cocaine and some others) what was previously legal became a crime, and its practitioners criminals. If Congress criminalizes Crypto, I and others on this list will become criminals. We will _become_ criminals to "stop" crime, and others will give up their freedom to "stop" us from committing "criminal" acts. Your biggest fallacy (vis a vis crypto) is that criminals will _follow_ the law. They won't by definition, except as needed for their schemes. That is why they are called criminals, because they commit CRIMES, not because they follow the law.
why you have to have registration plates on your car, a lock on your car, bicycle, house etc.). That is a fact of life; one I hate. So the
The lock is there to stop criminals. The registration _plate_ is there to allow the government to collect Taxes, and track people. There are serial numbers on cars used in theft _recovery_ rather than theft prevention.
Cryptopolicy is not a binary discussion; although some posters on this list seem to think so.
The middle is defined by the extremes. I'd take the most extreme possible stance, except that it is where I already stand, that the government is a _barely_ necessary evil, and needs to be made an unnecessary evil ASAP.
You are absolutely right. However, as said above if governments (help to) set up a security system then they should at least attempt to make criminal abuse difficult. The lock on my bicycle is not really 100% either (as I found out quite too often); if I'd no lock at all I would have a lot more problems. Also, I am *not* for a mandatory system.
If you had _no_ lock at all, and locks weren't available, guess what? Your bike would get stolen _less_ often because you wouldn't let it out of your sight (well, I wouldn't let _mine_, but I spent a LOT of money (for me) on mine, so...) And no, a lock isn't 100%. Nothing man made is. Nothing natural is. Ask yourself this, given a foe with more resources than you, can you keep him _out_ of a given computer system? Not totally.
Petro, Christopher C. petro@suba.com <preferred for any non-list stuff> snow@smoke.suba.com
participants (3)
- Eric Verheul
- roy@sendai.scytale.com
- snow