GAK solutions was: Is there a lawyer in the house?

[Pat Farrell]

In message Thu, 7 Dec 95 16:27:23 EST, cme at acm.org  writes:
> It could be even worse.  I was on a panel last year with Scott Charney
> (sp?) (I believe from DoJ) during which he commented that if you give
> your secret key to anyone -- e.g., your own company -- then you have
> given up the presumption of privacy.

Interesting. At the NIST meeting, criteria #5 deals with decrypting
a conversation with only the key from one end.

I thought that would be hard to implement. But during the discussion,
they called on Miles Smid [sp?] who was obviously a NIST employee/consultant
with real knowledge. He suggested that you could encrypt the
session key with the public key of both parties, and send it along.
This would allow single ended GAK.

This is not far from the idea that CME proposed that the NSA/FBI/CIA
publish public keys, and we'll hack a voluntary version of PGP that
encrypts the session key with the LEA public key -- instant
voluntary Key Escrow.

Miles Smid's idea seemed reasonable, until you realize that he intends
you to escrow your private key...

Pat

Pat Farrell    Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>