New Threat on the Horizon: Software Key Escrow

Timothy C. May tcmay at netcom.com
Tue Jul 26 16:45:58 PDT 1994


Cypherpunks,

Sorry I haven't been able to participate in the thread I started, but
my own post has yet to make it here to "Notcom," and later posts are
dribbling in out of order, without prior context, etc. (I suspect the
problem is at Netcom's end, e.g., refusing mail, and not at Toad's
end.)

Hal Finney wrote:

> used, and the consensus seemed to be that the hooks aren't there.  If you
> want to inter-operate with this software, which will presumably be widely
> available in the future, you will have to join the official certification
> hierarchy.  So long, web of trust.

I think this is happening. I just got a forwarded response from a
Microsoft paralegal, and he confirms that Microsoft is working on
various aspects of key escrow, software key escrow, etc. Mostly, he
says, for export to countries with key escrow (!!). I don't feel at
liberty to post his response here, but I encourage Blanc Weber, who
handled the intermediary exchange, to get permission to do so, or to
just do so on his own authority.

I should also note that the Microsoft legal guy claimed I was "off a
little" (which could be "a lot" if he was being facetious) in my
speculations about Chicago, in '95. We'll see in 1995, I guess. In
any case, getting confirmation that Microsoft is working on key escrow
_at all_ is a simply amazing development, I would say.

(I don't know if they're planning to use the algorithm that Matt Blaze
described, the one from Trusted Information Systems. Others may know.)


> built-in encryption of your choice.  But this will be a big job.  Still,
> maybe the best approach when MSoft comes out with this encryption built-
> in will be to get software out which will bypass it while still using
> the other value-added features like hot links, automatic encryption/
> decryption, etc.  Otherwise they may well succeed in getting a de facto
> standard into place which does not protect individual privacy.

I agree with Hal completely. Everything is pointing to the existence
of a heretofore unknown cooperationg between Microsoft and NIST on a
software key escrow system. The TIS work looks to be the key.

More than this morning, I stand by my speculation that a serious
proposal exists to implement some form of key escrow in software.
This could establish a "de facto standard" faster than anything
connected with Clipper ever could.

Vigilance!

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."





More information about the cypherpunks-legacy mailing list