[1666] in cryptography@c2.net mail archive
Re: Michael Frese notes a serious flaw in proposed legislation
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sun Sep 28 14:09:27 1997
Date: Sun, 28 Sep 1997 13:04:48 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Ron Rivest <rivest@theory.lcs.mit.edu>
CC: cryptography@c2.net
Ron Rivest wrote:
>
> Michael Frese makes the interesting point (below) that proposed crypto
> legislation mandating plaintext recoverability should, logically,
> apply to ALL encryption, **including encryption whose purpose is just
> to implement key recovery itself**. There is nothing in the proposed
> legislation that would make an exception for such encryption.
>
> For example, if my software encryption encrypts message M with
> symmetric key K, and then appends a trailer that contains K encrypted
> with the public key of Citibank (my chosen key recovery agent), then
> doesn't the trailer itself need to have some plaintext recovery
> feature implemented for it? If not, then why can't I be sending along
> some secret stuff to Citibank with each trailer (i.e. in addition to
> the key)?
>
> Similarly, if I append two trailers which contain K1 and K2 encrypted
> respectively with the secret keys of Citibank and ACLU (my two chosen
> key recovery agents), where the message key K = K1 xor K2 (so that I
> am using a simple form of ``secret sharing''), then should the FBI
> have ``immediate access'' somehow to the plaintext of the two trailers
> (i.e. to K1 and K2)? I note that in this case, K1 may be chosen
> totally arbitrarily, and then K2 determined as K xor K1, so that I really
> can send arbitrary messages to Citibank in the trailer.
>
> I think this nice example shows how poorly thought through the proposed
> legislation is...
This is essentially the same flaw as I pointed out in the TTP proposal
put forward by the DTI in the UK. You end up having to have TTPs to
escrow the keys used to transfer information between the TTPs and their
customers, which, in turn, need more TTPs, and it all becomes a horrible
mess.
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 994 6435|Apache Group member
Freelance Consultant |Fax: +44 (181) 994 6472|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd, |http://www.algroup.co.uk/Apache-SSL
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache
