[2805] in cryptography@c2.net mail archive
1998 "Risks of Key Recovery" report now available
daemon@ATHENA.MIT.EDU (Matt Blaze)
Wed Jun 10 10:40:18 1998
To: cryptography@c2.net
Date: Wed, 10 Jun 1998 10:17:56 -0400
From: Matt Blaze <mab@research.att.com>
In May of last year, a group of 11 cryptographers and computer
security researchers released a technical study of the risks, costs,
and complexities of deploying so-called "key recovery" systems
proposed by the U.S. and other governments. The report, entitled "The
Risks of Key Recovery, Key Escrow, and Trusted Third Party
Encryption", concluded that building a secure, economical key recovery
infrastructure of the kind required would be "beyond the current
competency of the field."
In the year since the report was first issued, there has been a great
deal of government, industry, and research activity toward designing,
prototyping, and building key recovery systems to meet government or
commercial requirements. We have revisited our study to take into
account the latest work on key recovery and have issued an updated
study. The report, published by the Center for Democracy and
Technology, was released at the 1998 EPIC Cryptography Conference in
Washington DC on June 8th.
The 1998 edition of "The Risks of Key Recovery" report is now
available on the web at:
<http://www.crypto.com/key_study>
>From the report's preface:
One year after the 1997 publication of the first edition of this
report, its essential finding remains unchanged and substantively
unchallenged: The deployment of key recovery systems designed to
facilitate surreptitious government access to encrypted data and
communications introduces substantial risks and costs. These risks
and costs may not be appropriate for many applications of encryption,
and they must be more fully addressed as governments consider policies
that would encourage ubiquitous key recovery.
The reports authors include Hal Abelson, Ross Anderson, Steven
M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore,
Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, and Bruce
Schneier.
