[1587] in cryptography@c2.net mail archive
Re: Crypto Keys as Spam
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Sep 23 13:07:55 1997
In-Reply-To: <199709231420.KAA02052@postal.research.att.com>
Date: Tue, 23 Sep 1997 09:28:16 -0700
To: Steven Bellovin <smb@research.att.com>, Charles Platt <cp@panix.com>
From: Bill Frantz <frantz@netcom.com>
Cc: cryptography@c2.net
At 7:20 AM -0700 9/23/97, Steven Bellovin wrote:
>Recall that some existing key "recovery" schemes simply have the session key
>transmitted in-band, encrypted with J. Edgar Hoover's public key. Anyone
>monitoring the session gets the key, and if you aren't monitoring the
>session you don't need the key. After all, there's no requirement
>that you have to record all of your own conversations. Yet.
Note that this kind of protocol creates a single key, which if compromised,
will cause everyone using the protocol to lose security. I consider it too
dangerous for any data that was more than mildly confidential.
-------------------------------------------------------------------------
Bill Frantz | Internal surveillance | Periwinkle -- Consulting
(408)356-8506 | helped make the USSR the | 16345 Englewood Ave.
frantz@netcom.com | nation it is today. | Los Gatos, CA 95032, USA
