[1262] in cryptography@c2.net mail archive
Re: Fortezza dying on the vine?
daemon@ATHENA.MIT.EDU (John Kelsey)
Mon Jul 28 09:37:46 1997
To: "Perry's crypto list" <cryptography@c2.net>
From: John Kelsey <kelsey@plnet.net>
Date: Mon, 28 Jul 97 03:05:20 CDT
-----BEGIN PGP SIGNED MESSAGE-----
[ To: Perry's Crypto List ## Date: 07/28/97 02:43 am ##
Subject: Re: Fortezza dying on the vine? ]
>Subject: Re: Fortezza dying on the vine?
>From: Kent Crispin <kent@songbird.com>
>Sender: owner-cryptography@c2.net
>Date: Sat, 26 Jul 1997 22:31:40 -0700
>> The critical aspect of key-escrow is that there are uses where
>> a company would want a key-recovery scheme (secure data
>> storage), and there are others where it must be absolutely
>> prohibitted (authentication, no-repudable signatures,
>> communications encryption) for security reasons. Only the
>> inter-oganizational uses (without pre-existing relationship) of
>> the latter need to be part of a global PKI, therefore the
>> market will not bear key-escrow as part of a PKI.
>If by PKI you mean a web of cross-certified CAs or something
>similar, I agree. Private key escrow and certified public key
>warehousing are two completely separable functions, and the
>security requirements are rather different. However, the
>combination might be marketed as a "one-stop shop for all your
>crypto infrastructure needs" kind of thing. That is, who knows
>what the market will do?
True enough. The real problem with most key-escrow proposals is
that the things people really need are different than the things
governments tend to want them to have. What I really want from
my key escrow service is to escrow only the long-term keys I
want escrowed, and to have a very clear audit trail of any key
accesses which I can review anytime I like. What the US
government seem to want is to escrow all my keys (even session
keys for transient communications), and to be able to access
these keys without any chance of my noticing.
The result is that it's hard to sell me key escrow services that
are acceptable to the US government, because I don't really get
much of what I wanted out of the deal. If I have a choice
between a CA that also escrows keys in the way the government
wants, and another CA that doesn't escrow keys, or escrows them
the way I want, then I will probably choose the second CA.
>If you put your keys on a diskette, put the diskette in a
>safe-deposit box, and the government subpoenas the key, does
>that count as GAK? There are all kinds of means by which the
>government can get access to keys that do not involve a
>government infrastructure to implement.
This is true. One of the simplest is for the judge to order you
to decrypt your files, under the threat of being held in
contempt of court. One useful point about most of these is that
*silent* access isn't possible. That is, a judge can order me
to turn over my PGP private key, and I'll probably comply rather
than go to jail. However, this can't be done without my finding
out, and I may even have time to issue a key revokation before
turning it over. For various reasons, this is a lot less scary
than the silent key access that seems to be a requirement of
wiretapping key-escrow schemes.
>Kent Crispin "No reason to get excited",
>kent@songbird.com the thief he kindly spoke...
>PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
>http://songbird.com/kent/pgp_key.html
--John Kelsey, Counterpane Systems, kelsey@counterpane.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBM9xRbUHx57Ag8goBAQEi1wQAxbMZnWcfn31b8F14c9gLjK8qS36+iw31
qI1a/AM+NWRb7cASAM3BKhfAYdlLDQCJ4ihIWR/GSS4qS5M00pi4ZgW6RECINu5x
ei8EySpyFktarvNWBsQYlK8MGZjFwVKoEjBxr/CnqvmV4YAE8SfoBRbx+pCC5JkC
mK2kt9Hl+w8=
=0apO
-----END PGP SIGNATURE-----
