[1557] in cryptography@c2.net mail archive
Re: Nyah, Nyah, I've Got A Secret
daemon@ATHENA.MIT.EDU (tzeruch@ceddec.com)
Mon Sep 22 13:37:46 1997
Date: Mon, 22 Sep 1997 13:00:01 -0400
From: tzeruch@ceddec.com
To: cryptography@c2.net
In-Reply-To: <199709210157.VAA15458@postal.research.att.com>
On Sat, 20 Sep 1997, Steven Bellovin wrote:
> What I don't see discussed is the size and impact on industry
> of key escrow and the key management costs to government.
> These are what really will get legislators attention.
>
> The CBO has been asking folks in industry for figures on what key
> escrow will cost them.
But there is no specific proposal except that it needs to allow immediate
access to plaintext. Does that mean a key for a session that occured one
year ago? Keys used for internal testing? Does it mean access to an
existing session that didn't cache the shared secret? Will there be an
escrow agency and will they charge to escrow keys? If I send the FBI the
escrowed key, and they lose it, do I have to keep a local copy?
Without giving any specific form of infrastructure, they can simply deny
that it will cost anything because they will claim that "you won't need to
do it that way". Then when they implement it, they make it as expensive
as possible to comply, or use an ad-hoc approach where they throw
"uncooperative" users in jail for violating one of the contradictory
administrative rules.
How can an ISP enforce something on a user? Use an old version of
Netscape and go to jail? Download SSLeay and go to jail?
Even something like PGP or a disk encryptor will have problems since any
escrowed key will have to be stored *somewhere* unless they mandate an
online exchange before letting it work. So if that somewhere is altered,
do you lose all your data, or does it simply become illegal?
Linux would probably be illegal since it has the loop device and it can
be used to encrypt.
Cars would be more fuel efficient if Congress would repeal inertia.
Mandating immediate access to plaintext is functionally a ban on crypto,
since anything that would work would either be too expensive or difficult
to use or weaken the crypto to the point where it does not protect
anything.
