[2807] in cryptography@c2.net mail archive


Re: 1998 "Risks of Key Recovery" report now available

daemon@ATHENA.MIT.EDU (Vin McLellan)
Thu Jun 11 10:03:07 1998

In-Reply-To: <199806101417.KAA09396@fbi>
Date: Wed, 10 Jun 1998 15:13:31 -0400
To: Matt Blaze <mab@research.att.com>
From: Vin McLellan <vin@shore.net>
Cc: cryptography@c2.net

	Among so many bright guys, I don't know who to credit, but this is
a _magnificent_ piece of work.

	It sets a rare and impressive standard for clear analysis, but it's
also a wonderful piece of writing! I only hope it gets the audience it
deserves. I think this document has the potential to significantly elevate
the level of public (and media) consciousness about crucial but often
obscure issues in US crypto politics.

	Politicians, reporters, and other commentators who so often discuss
these issues solely in terms of philosophy and political rhetoric should
feel the need to read this cool, measured analysis of the technical
context within which the US government's proposals are so blithely offered.
If they don't, they should be ridiculed and dismissed as Deputy AG and
purported policy maven Robert Litt has been, after he admitted a couple
days ago that he had not even read the seminal NRC report: "Cryptography's
Role in Securing the Information Society."

	(I shrugged when AG Reno confessed she couldn't manage a PC and
preferred a pencil and paper, but Litt's admission shamed us all. It's even
available on-line, Mr. Litt! <http://www.replay.com/mirror/nrc/>)

	Thanks, Matt, and congratulations to you and your peers.  (And
thank you CDT for remembering that the best retort to the bureaucracy's FUD
and flood of GAK propaganda is good information, well-written and
credibly-sourced. The Center For Democracy and Technology lives up to its
name sponsoring papers like this!)

	Suerte,
		_Vin

---------------

At 10:17 AM -0400 6/10/98, Matt Blaze wrote:

>In May of last year, a group of 11 cryptographers and computer
>security researchers released a technical study of the risks, costs,
>and complexities of deploying so-called "key recovery" systems
>proposed by the U.S. and other governments.  The report, entitled "The
>Risks of Key Recovery, Key Escrow, and Trusted Third Party
>Encryption", concluded that building a secure, economical key recovery
>infrastructure of the kind required would be "beyond the current
>competency of the field."
>
>In the year since the report was first issued, there has been a great
>deal of government, industry, and research activity toward designing,
>prototyping, and building key recovery systems to meet government or
>commercial requirements.  We have revisited our study to take into
>account the latest work on key recovery and have issued an updated
>study.  The report, published by the Center for Democracy and
>Technology, was released at the 1998 EPIC Cryptography Conference in
>Washington DC on June 8th.
>
>The 1998 edition of "The Risks of Key Recovery" report is now
>available on the web at:
>
>	<http://www.crypto.com/key_study>
>
>From the report's preface:
>
>  One year after the 1997 publication of the first edition of this
>  report, its essential finding remains unchanged and substantively
>  unchallenged: The deployment of key recovery systems designed to
>  facilitate surreptitious government access to encrypted data and
>  communications introduces substantial risks and costs.  These risks
>  and costs may not be appropriate for many applications of encryption,
>  and they must be more fully addressed as governments consider policies
>  that would encourage ubiquitous key recovery.
>
>The report's authors include Hal Abelson, Ross Anderson, Steven
>M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore,
>Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, and Bruce
>Schneier.


-----
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.

 *     Vin McLellan + The Privacy Guild + <vin@shore.net>    *
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548


