[1575] in cryptography@c2.net mail archive


Re: Crypto Keys as Spam

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Tue Sep 23 10:41:27 1997

To: Charles Platt <cp@panix.com>
cc: cryptography@c2.net
Date: Tue, 23 Sep 1997 10:20:56 -0400
From: Steven Bellovin <smb@research.att.com>

	 
	 If we do suffer a federal law that mandates key escrow and survives
	 constitutional tests, would it be possible to screw the system by
	 generating huge numbers of crypto keys for federal storage? Imagine,
	 say, 100,000 people each contributing a million different keys to the
	 federal registry. 
	 
	 This kind of civil disobedience would be impractical, of course, if a
	 filing fee were charged for receipt and registration of each key. Still,
	 other forms of disobedience (already developed in anti-spam-site
	 offensives) suggest themselves if keys are to be transmitted to a federal
	 registry via the net. 
	 
	 Overall, I find it hard to see how key escrow would be practical on a very
	 large scale, for reasons such as these. After all, InterNIC has trouble
	 merely managing email addresses. 
	 
	 --CP

Recall that some existing key "recovery" schemes simply have the session key
transmitted in-band, encrypted with J. Edgar Hoover's public key.  Anyone
monitoring the session gets the key, and if you aren't monitoring the
session you don't need the key.  After all, there's no requirement
that you have to record all of your own conversations.  Yet.
