Gore's "new and improved" key escrow proposal
Just think how easy it would be to comply with software key escrow requirements: imagine a new PGP option -- +encrypt_to_escrow_agents=on

The escrow agent's PGP public key could be shipped with every copy of PGP... naturally, every PGP user will be required by law not to override this option if the Vice President gets his way.

--- sound of tongue being removed from cheek ---

I have tried to think of a positive use for key escrow. The only thing that I have come up with so far is kind of like having local key escrow within one company, or something like that. Kind of like having a master key that fits all the offices in one wing of a building, or something like that. That could be good in some business uses, provided you could pick your own trusted master key holder. I don't think that is what Al Gore has in mind.
Just think how easy it would be to comply with software key escrow requirements: imagine a new PGP option -- +encrypt_to_escrow_agents=on
I think that this is an excellent idea, not one to be laughed at. Voluntary compliance is a good thing.

Something I'm toying with is the possibility of putting a voluntary tax in my program. 1% of all transactions would go to paying for educational access and access for poor people. If you don't want to contribute, just turn it off. As long as either the vendor or the customer has the option on, 1% will find its way to those groups. Vendors and customers would even be able to charge groups that do not participate extra as a penalty for not being socially conscious.

Government intervention with guns is not necessary for warm fuzzy things to occur. Voluntarily participating in things like escrow and "warm fuzzy liberal taxes" has the potential to take the bite out of legislation intended to regulate us.

(And remember, another name for secret-split key escrow is KEY BACKUP, a very important function in any cryptographic system that's intended to last and be reasonably universal.)

Cheers, JWS
Actually, that should be +encrypt_to_escrow_agent=vice-president@whitehouse.gov or +encrypt_to_escrow_agent=prz@acm.org (You get to choose your own escrow agent :-) ). This should be trivial to implement; just treat it as an implicit recipient in all PK-encrypted messages. - Bill
I think we need to distinguish between encrypted *storage* and encrypted *communications*. Voluntary key escrow may make sense for encrypted stored business files, but communications is a different story. Since there should be nobody out there recording packets, there is no need to back up or escrow the keys used to encrypt them. Phil
On Mon, 25 Jul 1994, Phil Karn wrote:
I think we need to distinguish between encrypted *storage* and encrypted *communications*. Voluntary key escrow may make sense for encrypted stored business files, but communications is a different story. Since there should be nobody out there recording packets, there is no need to back up or escrow the keys used to encrypt them.
Good point. The line between storage and transmission gets kind of fuzzy, however, if transmitted messages get stored in encrypted form. I think that if I were designing an encryption system to be used for both in my own business, I would probably consider a compartmented escrow system for both kinds of messages, with a different escrow public key for each department. That would be a good balance between two evils: unauthorized disclosure of proprietary communications, and loss of encrypted data due to loss of a key or loss of an employee. Naturally, this would not be as convenient for law enforcement agents and spies, but I suppose that my own escrow data base would still be subject to the same subpoena process as the rest of my records, but I would be more likely to know when information was being leaked.

Michael Paul Johnson, Colorado Catacombs BBS 303-772-1062
mpj@csn.org aka mpj@netcom.com m.p.johnson@ieee.org
ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332
ftp://ftp.netcom.com/pub/mpj/README.MPJ
I think we need to distinguish between encrypted *storage* and encrypted *communications*. Voluntary key escrow may make sense for encrypted stored business files, but communications is a different story. Since there should be nobody out there recording packets, there is no need to back up or escrow the keys used to encrypt them.
Phil
But I leave nearly all PGP-encrypted messages to me in encrypted form, using the "decrypt to screen" option. So communicated and stored messages are largely the same. I'm not supporting key escrow, mind you.

--Tim May

Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
But I leave nearly all PGP-encrypted messages to me in encrypted form, using the "decrypt to screen" option. So communicated and stored messages are largely the same.

This is exactly the situation I referred to yesterday. It's extremely common, I suspect. Tim does it, I do it, and I've no reason to believe that most people do it differently. Keeping the messages around encrypted with your private key does _not_ have forward secrecy. Forward secrecy is a valuable property, and it behooves us to think about how to achieve it.

Eric
I have tried to think of a positive use for key escrow. The only thing that I have come up with so far is kind of like having local key escrow within one company, or something like that. Kind of like having a master key that fits all the offices in one wing of a building, or something like that. That could be good in some business uses, provided you could pick your own trusted master key holder. I don't think that is what Al Gore has in mind.
Actually, I can think of one major use. If I encrypt my personal files, I might want my heirs to be able to recover them after my death. For example, I might keep my electronically-encrypted will in escrow, such that upon my death the keys can be obtained and the document opened. This does not mean that I implicitly trust the government to escrow my keys. However it does mean that there are legitimate uses for escrowed technology. I just think that the government shouldn't be in charge of it, and that citizens have the right to choose the level of privacy and security that they desire for themselves.

Just to quickly change the topic, and answer someone's question from earlier today or yesterday (sorry, I've been really hosed and haven't had a chance to really delve into the flurry of email that I've received recently)... Not everyone on this list is an anarchist. For example, I do not consider myself an anarchist. I think some leadership is needed, since not everyone is capable of being a leader, and I wouldn't trust just anyone to make decisions for me. I'm on this list because I value electronic privacy and encryption technologies, and I believe that the power of encryption will better enable the common man to hold his (or her) privacy in the electronic information world.

Anyways, enough spewing. Enjoy!

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord@MIT.EDU PP-ASEL N1NWH PGP key available
This area of research has been explored by Matt Blaze in some detail -- he's done some "good" key escrow systems for just the case of "your chief programmer is hit by a bus." However, let us never confuse voluntary key management techniques used in an organization with mandatory national key escrow big-brotherism.

Perry

Derek Atkins says:
I have tried to think of a positive use for key escrow. The only thing that I have come up with so far is kind of like having local key escrow within one company, or something like that. Kind of like having a master key that fits all the offices in one wing of a building, or something like that. That could be good in some business uses, provided you could pick your own trusted master key holder. I don't think that is what Al Gore has in mind.
Actually, I can think of one major use. If I encrypt my personal files, I might want my heirs to be able to recover them after my death. For example, I might keep my electronically-encrypted will in escrow, such that upon my death the keys can be obtained and the document opened.
On Fri, 22 Jul 1994, Michael Johnson wrote:
all the offices in one wing of a building, or something like that. That could be good in some business uses, provided you could pick your own trusted master key holder. I don't think that is what Al Gore has in mind.

So let's deliver this before he can deliver his.

What we need to do is use the concepts of fair key escrow. This can be done using PGP as a framework, just as you said.

Berzerk
participants (10)
Berzerk
Bill
Derek Atkins
hughes@ah.com
Michael Paul Johnson
mpjohnso@nyx10.cs.du.edu
Perry E. Metzger
Phil Karn
solman@MIT.EDU
tcmay@netcom.com