[1580] in cryptography@c2.net mail archive
Re: Emphasizing a point by Donald Eastlake re key recovery
daemon@ATHENA.MIT.EDU (Ross Anderson)
Tue Sep 23 11:36:53 1997
To: rivest@THEORY.LCS.MIT.EDU (Ron Rivest)
cc: key-group@cdt.org, cryptography@c2.net
In-reply-to: Your message of "Mon, 22 Sep 1997 22:50:38 EDT."
<199709230250.AA12239@swan.lcs.mit.edu>
Date: Tue, 23 Sep 1997 09:34:42 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

Ron writes:
> An unintended consequence of mandated key recovery would be to put the
> entire framework of digital signatures at risk. The reason is that a
> user's private key (with which he signs messages) is typically encrypted
> for safe storage on his computer (or on a server). Mandated key recovery
> could require that every user turn over to the FBI the password with
> which he encrypts his private key.

Quite right - and if you want to see the spooks' intentions and mind set
look at the UK key escrow protocol (http://www.cs.berkeley.edu/~daw/GCHQ/;
my comments at www.cl.cam.ac.uk/ftp/users/rja14/euroclipper.ps.gz).
There, it is explicit that signature keys will not only be stored, but
also distributed to users, encrypted under an escrowed encryption key.

There is also the point that the vast majority of encryption keys are
actually used for authentication rather than confidentiality. The keys
that encrypt your bank card PIN en route from the ATM to the bank, the
keys in your satellite TV decoder, the keys in your gas meter and your
postal meter - in fact the majority of all DES keys in use - are about
authentication. In theory most of them could be replaced by digital
signature mechanisms but given the size of the installed base, it
won't happen anytime soon.

The bright side is that the FBI will have severe problems enforcing an
escrow law. If the law says that all 100,000 ATMs in the US have to have
their keys turned over to the FBI, then what? Do the banks obey the law
and sue the FBI when money goes missing? Who pays $10^9 for the system
changes? If the FBI won't pay and won't assume liability for ATM frauds,
do the banks disobey the law and then does the FBI turn a blind eye?
Does it become a criminal offence for a Brit to enter the US with a
physical keyring in his pocket containing an electronic car locking
device (which uses a nonlinear feedback shift register) or a motorway
toll tag (which uses DES)? Will possession of a German Eurocheck card
(DES) land a tourist with five years' jail? The whole thing's just
ludicrous!

Ross