[1720] in cryptography@c2.net mail archive
EC refutes GAK
daemon@ATHENA.MIT.EDU (David Hayes)
Thu Oct 9 12:08:44 1997
Date: Thu, 09 Oct 1997 09:15:25 -0500
To: cryptography@c2.net
From: David Hayes <david.hayes@mci.com>
The European Commission released a report on cryptography which differs
markedly from the Clinton administration's insistence on total GAK.

"Restricting the use of encryption could well prevent law-abiding companies
and citizens from protecting themselves against criminal attacks," the
report warns. "It would not, however, totally prevent criminals from using
these technologies."

The report also notes a new (to me, anyway) method of bypassing GAK while
maintaining full compliance with the law:

"Users could encrypt a relatively large number of session keys in a way
that the previous key encrypts the next one, always using one or several
official escrow/recovery systems. Only the last key would be used to
encrypt the message. An agency would need to reverse this process and to
obtain all keys in order to read the message; although technically
feasible, this task would be extremely difficult to manage. To be noted,
the users would have fully complied to a key recovery scheme."

I learned about this from C|Net News. Some pointers for further reference:

C|Net news article:
http://www.news.com/News/Item/0,4,15038,00.html

EC Report:
http://www.ispo.cec.be/eif/policy/97503.html
--
David Hayes David.Hayes@MCI.Com
Switch Systems Engineering voice: 972-918-7236
MCI Communications, Inc. VNET: 777-7236
--If these thoughts were MCI's official opinions, the line above would
--read "MCI - Law & Public Policy Department".