[2572] in cryptography@c2.net mail archive
my final submission
daemon@ATHENA.MIT.EDU (M Taylor)
Thu Apr 23 12:59:27 1998
Date: Wed, 22 Apr 1998 14:45:48 -0300
To: efc-talk@efc.ca
From: M Taylor <mctaylor@glyphmetrics.ca>
Cc: cryptography@c2.net
Below is my error-ridden, hard-to-read submission, representing myself. At
least I was not silent. It was submitted late, so it may not be publicly
available, or even considered.
Would someone who is close to one of the regional offices or the Industry
Canada Library please let us know of other submissions. I am particularly
interested in the RCMP's "input." Their biggest real concern is their
ability to conduct illegal wiretaps, I assume.
[To Cryptography readers: further Cdn related reading,
<http://www.efc.ca/pages/crypto/golden-key.html>]
-M Taylor
April 21, 1998
Helen McDonald
Director General, Policy Development
Task Force on Electronic Commerce
Industry Canada
20th Floor, 300 Slater Street
Ottawa ON K1A 0C8
The first thing we have to do is realise that we are dealing with software and
hardware intended for regular everyday people. We do not always notice that
we already are using cryptography every day. It is integrated into the
services and software we use daily, at the Interac's POS device, your
bank's ATM, or the online bookstore secure web server. Cryptography is
becoming ubiquitous with network communications. An upcoming version of the
Internet Protocol (IP) includes authentication and confidentiality in its
packets, so we can expect all commercial Internet traffic in a few years to
make use of cryptography. We are also dealing with a very dynamic
discipline which intersects mathematics and computer science fields that
have been changing at an unbelievable rate. Canada is poised to be a world
leader in providing secure electronic commerce products, if the Government
of Canada is willing to support private industry's efforts by allowing
export of the products for sale outside of Canada.
The Cryptography Framework Policy asks, "[w]hat can governments do to
accelerate the roll-out of the infrastructure which would offer public
access to cryptography services and secure electronic commerce?" I think
this question contains a problem, in that for the maximum benefit of
encryption resources to be realised, the end-user, that is the citizen or
business, must control the resource for any substantial degree of confidence
in the encryption. The infrastructure itself must be built using secure
cryptographic protocols of authentication and confidentiality, not a
service on top of the existing information communication infrastructure.
Otherwise security may be susceptible to manipulation of the communication
channel itself, undermining the IT security efforts.
The Government of Canada has already taken a bold first step in the correct
direction with its Government of Canada Public Key Infrastructure (PKI)
which is being put into place this year to be a Certificate Authority (CA)
and Trusted Third Party (TTP) for the government department's own public
keys. Additionally, I would like to see the GOC PKI certify Canadian private
industry CAs to increase the level of trust in Canadian operated CAs.
A third-party CA should absolutely not have access to the signature
private-key; this nullifies the expectation that only the authorized users
of the private key have access to it. This would weaken the trust of the system
by increasing the possibility that a forgery took place. Within a company,
a correctly implemented information security infrastructure would include
means for data recovery of encrypted information, but the signature key
should be disposable and revocable, not recoverable.
"Trusted Third Party" and "Certificate Authority" should not be treated as
synonymous, because they are two very different roles. With the CA, myself
and others trust it to publish my signature public-key. Thus, I only need
entrust them with public information about me. The TTP escrows my
encryption private key of my encryption public-key pair. Thus, they have
access to non-public information, the encryption private key. I must trust
the TTP to not misuse this privileged access and decrypt information
encrypted that is accessible to me.
Important legal issues within need to be resolved, such as the validity of
the digital signature usage in relation to contracts and liability of a
compromised signature private key.
The government of Canada should work with the US NIST on the development of
a successor to DES, called Advanced Encryption Standard (AES) which is
supposed to be a 128-bit block symmetric cipher which accepts keys of 128,
192, and 256-bits. [1] This standard should be strongly recommended to be
used for non-classified government encryption. If this encryption standard
is going to be accepted by developers it also needs to be easily exportable
to customers in USA and other global partners.
The export process needs to be streamlined to prevent impairing the smaller
Canadian companies in a global marketplace. One step is the clarification
of the regulations, such as prior approval on a variety of non-classified
algorithms and their key sizes to simplify the application process for
smaller companies. Expansion of what meets the designation of mass-market
software would reduce the delays of export permit approval, specifically
including commonplace hardware encryption devices, such as smart card
technology, personal data security, and personal secure communication
products that use widely available hardware or software based encryption
and authentication. Software and hardware that uses non-classified
algorithms should be readily approvable for export to major global markets
in friendly nations such as UK, Australia, and Sweden. Perhaps a list of
"fast-track" countries which make up the majority of Canada's export
markets and that the government has very good relations with (members of
the Wassenaar, etc). Any export restrictions for authentication-only
products that are hardware or software based should be removed immediately.
The free export of software via the General Software Notice must be
preserved to ensure the freedom of research within Canada's excellent and
world-class cryptography research community. It provides a valuable means
of allowing cryptography to be freely supported amongst the free software
community which has been a cornerstone in the development of Internet
software and standards. Finally it allows small companies to easily deploy
mass-market cryptography software for the end-user's own needs without
using valuable resources of DFAIT.
The escrow or "recovery" of encryption keys is prohibitively complex,
expensive, impossible to implement without reducing the security of the
encryption, and carries the threat of an infrastructure which could be
abused by the government and law enforcement agencies, and little ability
to detect such abuses. Based on the papers by leading cryptographers and
computer scientists, we must acknowledge that the process of "key recovery"
places a great demand on a small number of individuals and a very complex
information system with an extremely large level of trust.[2,3] In a recent
paper by the NSA [4], concerns for security and vulnerabilities were
discussed including how to reduce the risks, but concluded without being
able to restore my confidence in such a system. Any key recovery system is
contrary to the fundamental ideology that the Canadian populace is treated
as law-abiding citizens unless there is explicit reason to suspect them of
a crime. Recently in the news, the Mexican government was caught spying on
its citizens including on opposing politicians running in elections. If we
are to continue to be a democratic nation which does not grant our
political leaders absolute power over Canadian citizens, then we cannot
build a system which allows a member of the key-recovery process who works
for a political party to provide the keys necessary to eavesdrop on other
political parties.
Funding for advancing the cryptanalysis abilities of the CSE would be
cheaper and may be far more productive while maintaining a secure
infrastructure for electronic commerce and the privacy of Canadian citizens.
I refuse to participate in, support, or condone any form of government
sponsored key recovery of law-abiding citizens and will continue to use and
promote lower-risk, escrow-less cryptography in Canada. I will continue to
promote the use of cryptography in our information infrastructure, even
when there is a minute risk of preventing court-sanctioned _attempts_ to
gather information via wiretaps. Cryptography is becoming a common dual-use
technology like the house, which may be used to harbour criminal activities,
yet we do not require the deposit of house keys with local law enforcement
agencies.
M Taylor
1. Announcing Request for Candidate Algorithm Nominations for the Advanced
Encryption Standard, National Institute of Standards and Technology, Docket
No. 970725180-7180-01, <URL:http://csrc.nist.gov/encryption/aes/aes_9709.htm>
2. The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption,
Abelson, Anderson, Bellovin, Benaloh, Blaze, Diffie, Gilmore, Neuman,
Rivest, Schiller, Schneier, "Final Report", May 27, 1997
<URL:http://www.crypto.com/key_study/>
3. Government, Cryptography, and the Right To Privacy
Shearer, Gutmann, March 1996
<URL:http://www.cs.auckland.ac.nz/~pgut001/pubs/jucs96.pdf>
4. Threat and Vulnerability Model for Key Recovery
unofficial NSA report, April 1998,
<URL:http://www.fcw.com/pubs/fcw/1998/0413/web-nsareport-4-14-1998.html>