SynData/Schneier Attack Network Associates
At 11:42 AM 12/5/97 -0500, you wrote:
Right to Privacy for Sale in Cyberspace; SynData Technologies Inc. Speaks Out Against Key Recovery
Cedar Grove, N.J. -- SynData Technologies Inc., a provider of encryption software solutions, released a statement today condemning Network Associates Inc. for supporting the government's key recovery program. Network Associates recently purchased Pretty Good Privacy (PGP). PGP had historically been opposed to key recovery.
<snip>
"The government's key recovery program is a complete violation of the individual's right to privacy and, in fact, compromises of the system are already taking place. This shows that key escrow is an untenable policy," said Bruce Schneier, one of the world's leading authorities on encryption and author of the book "Applied Cryptography". "SynData is paving the way for other software developers by taking a stand in opposition to the government and companies like Network Associates."
By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard:

[Note RSA is a Charter Member]

America Online, Inc.
Apple Computer, Inc. *
American Express Corp.
Atalla *
Baltimore Technologies
Boeing
Candle Corporation
CertCo
Certicom
Compaq Computer Corp.
Cryptomathic
CygnaCom Solutions, Inc.
Cylink Corp.
DASCOM, Inc.
Data Securities International, Inc.
Digital Equipment Corporation *
Digital Secured Networks Technology, Inc.
Digital Signature Trust Company
Entrust Technologies
First Data Corp.
Fort Knox Escrow Services, Inc.
Frontier Technologies Corp.
Fujitsu, Ltd.
GemPlus
Gradient Technologies, Inc.
Groupe Bull *
Hewlett-Packard *
Hitachi
IBM *
ICL
IRE
Intel Corporation
McAfee
Mitsubishi Corporation of Japan
Mitsubishi Electric America
Motorola
Mykotronx
Mytec Technologies, Inc.
nCipher Corp.
NCC Escrow
NCR Corporation *
NEC
Network Systems Group of Storage Tek
Novell, Inc.
Open Horizon, Inc.
Portland Software
PSA
Price Waterhouse
Racal Data Group
Rainbow Technologies
RedCreek Communications
RPK
RSA *
SafeNet Trusted Services, Corp.
Secure Computing Corporation
Siemens AG
Silicon Graphics, Inc.
SourceFile
Spyrus
Sterling Commerce
Sun Microsystems *
Tandem
Technical Communications Corp.
The Santa Cruz Operation, Inc.
Toshiba
Trusted Information Systems, Inc. *
Unisys
UPS *
Utimaco Mergent
VPNet Technologies

-------------------
estone@synernet-robin.com
remove "-birdname" spam avoider
-------------------
----------------------------
Ed Stone
estone@synernet-robin.com
delete "-birdname" spam avoider
----------------------------
At 11:42 AM 12/5/97 -0500, you wrote:
"The government's key recovery program is a complete violation of the individual's right to privacy and, in fact, compromises of the system are already taking place. This shows that key escrow is an untenable policy," said Bruce Schneier, one of the world's leading authorities on encryption and author of the book "Applied Cryptography". "SynData is paving the way for other software developers by taking a stand in opposition to the government and companies like Network Associates."
By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard: [Note RSA is a Charter Member]
This statement is seriously confusing Key Recovery and Key Escrow. They are NOT the same thing. Everybody knows what Key *Escrow* is and that it sucks. Key Recovery is *very* different in that there are no databases kept of private keys. The website you mentioned (http://www.kra.org) contains some very good info on how Key Recovery works. I would like to see the source of Schneier's quote also, because I can't believe he could get the two confused.

Wes Griffin
wgriffin@glue.umd.edu
At 4:01 PM -0700 12/5/97, Adam Back wrote:
Wesley Griffin <wgriffin@enslaved.student.umd.edu> writes:
By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard: [Note RSA is a Charter Member]
This statement is seriously confusing Key Recovery and Key Escrow. They are NOT the same thing. Everybody knows what Key *Escrow* is and that it sucks.
You need to understand Newspeak to understand any crypto documents written by the government, or government toadies.
To them the key recovery, key escrow are just different PR terms to try to con people into going along with government backdoors in crypto software.
Yep. KRAP is just a variant of GAK. The talk about "court orders" shows the equivalence.

There are subtle differences between various GAK schemes, ranging from the extreme of encrypting all communications and writings to a government key (an obvious non-starter) to the complicated LEAF stuff of Clipper to the more recent key escrow and KRAP schemes. Including that being pushed by PGP, Inc., er, "Network Associates."

When the Key Recovery Alliance speaks of "legal court orders" for gaining access to KRAPped communications, one assumes this means the official government of Myanmar (Burma) will be using "legal court orders" to gain access to rebel communications.

Next time Phil Z. speaks about the great usefulness of PGP in supporting freedom fighters in Myanmar, I hope he remembers to mention that Network Associates is committed to giving governments access to such communications. Provided the right legal orders are given, of course.

It might be a nice gesture for Phil to fly to Rangoon to attend the funerals of the freedom fighters rounded up after their KRAP-compliant communications are decrypted by the Ministry of Social Harmony (with the right court orders, of course...wouldn't want KRAP to let unauthorized decryptions occur, would we?).

The whole _point_ of encryption is to stop this kind of snooping. This is why we provided PGP to the freedom fighters working to expel the Zionists into the sea (though the Amerikan government calls these freedom fighters "terrorists," of course). And why White Aryan Resistance now uses PGP. (The point of crypto is that you can't pick who gets to use it and who doesn't.)

With its 5.5 version, and especially with its absorption into Big Brotherish Network Associates, PGP has taken a major step toward irrelevance, and even perniciousness.

This won't endear me to Phil and my other colleagues at PGP, Inc. But I have to call it as I see it. Would they want me to pull my punches?

The Phil Zimmermann I met several years ago surely would've spoken out against such things. In fact, he did. As recently as a year ago, in articles condemning ViaCrypt for its key recovery/escrow system.

And, ironically, some of the things he blasted RSADSI for, such as charging for its crypto products, and not releasing a toolkit usable by all (RSAREF was for hobbyist uses only, much like the freeware versions of PGP), have close parallels with PGP, Inc.'s current views about charging for products, development toolkits, and so on.

And, worse, PGP is "building in Big Brother," and when Network Associates finishes absorbing them....

Oh well. Earlier versions of PGP, and monkeywrenched versions of later versions of PGP, may be our best hope. (I can't say this will do a lot for sales of commercial versions, as we urge folks to widely deploy older, non-KRAP versions.)

--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE-----

In <199712052053.PAA14508@enslaved.student.umd.edu>, on 12/05/97 at 03:53 PM, Wesley Griffin <wgriffin@enslaved.student.umd.edu> said:
At 11:42 AM 12/5/97 -0500, you wrote:
"The government's key recovery program is a complete violation of the individual's right to privacy and, in fact, compromises of the system are already taking place. This shows that key escrow is an untenable policy," said Bruce Schneier, one of the world's leading authorities on encryption and author of the book "Applied Cryptography". "SynData is paving the way for other software developers by taking a stand in opposition to the government and companies like Network Associates."
By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard: [Note RSA is a Charter Member]
This statement is seriously confusing Key Recovery and Key Escrow. They are NOT the same thing. Everybody knows what Key *Escrow* is and that it sucks. Key Recovery is *very* different in that are no databases kept of private keys. The website you mentioned (http://www.kra.org) contains some very good info on how Key Recovery works. I would like to see the source of Schneier's quote also, because I can't believe he could get the two confused.
There is no confusion here. KRAP supports GAK plain and simple. They want the government to be able to get into everyone's knickers and are actively working on making this possible (of course with the promise of nice government contracts and easing of export restrictions).

Key Recovery = Key Escrow = GAK, it's all the same thing. Unauthorized 3rd parties gaining access to your data without your consent and more than likely without your knowledge. I think that most on this list would agree that this is a BadThing(TM).

- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNIi95I9Co1n+aLhhAQLXogQAnbwCtBzlLC3/NvsHI0YDziJ1a6pyYWp1
QF1j4G5Oy50QZv36E+BagETsGOH2cNw6p0LTCinc//TKuY9TXS94EWftIvROvJHp
x3eeWZMeqtzKn0k/8ABdT6cCXGJ6itoT6DjiDUsU5gZQ/uRCxlEsrxzFgExIkP2t
npwvKpneqLE=
=QqK1
-----END PGP SIGNATURE-----
[you are posting to cypherpunks@toad.com... see: http://www.dcs.ex.ac.uk/~aba/cp.html for where you should be posting -- hint: the address you are posting to is out of date]

Wesley Griffin <wgriffin@enslaved.student.umd.edu> writes:
By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard: [Note RSA is a Charter Member]
This statement is seriously confusing Key Recovery and Key Escrow. They are NOT the same thing. Everybody knows what Key *Escrow* is and that it sucks.
You need to understand Newspeak to understand any crypto documents written by the government, or government toadies.

To them the key recovery, key escrow are just different PR terms to try to con people into going along with government backdoors in crypto software.

The key recovery alliance program (KRAP) is a government program to bribe companies into building government backdoors into their crypto programs.

The KRAP program requires its participants to agree to fast track installation of GAK (Government Access to Keys -- master government backdoor stuff) into their software. In exchange for doing this the companies get permission to export ridiculously weak 56 bit crypto instead of even more ridiculously weak 40 bit crypto. They have a 2 year time frame in which to install government master backdoors into their crypto software. And there are reviews of progress made every 6 months -- failure to meet deadlines results in loss of 56 bit export permission.
Key Recovery is *very* different in that are no databases kept of private keys. The website you mentioned (http://www.kra.org) contains some very good info on how Key Recovery works. I would like to see the source of Schneier's quote also, because I can't believe he could get the two confused.
I fully expect Schneier spoke out against KRAP -- the companies involved are government sell outs. This is why people are upset that PGP Inc was just bought out by a KRAP company McAfee (which recently renamed itself to Network Associates).

Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (5): Adam Back, NoSpam, Tim May, Wesley Griffin, William H. Geiger III