[2942] in cryptography@c2.net mail archive


Re: IETF building GAK into the PKI

daemon@ATHENA.MIT.EDU (Steve Bellovin)
Mon Jul 13 11:50:15 1998

To: pgut001@cs.auckland.ac.nz
cc: cryptography@c2.net
Date: Mon, 13 Jul 1998 10:59:39 -0400
From: Steve Bellovin <smb@research.att.com>

> GAK
> infrastructure which the USG has admitted it can't build will have been made 
> available for it by the IETF.

Thanks for the heads-up on this.  I would dispute, though, that all
of the practicality questions of a GAK infrastructure are answered by
the existence of this field.

The issue has never been the simple existence of a mechanism to leak
keys.  There are obviously many ways to do that, starting with the
simplest:  send the key in cleartext.  From there, we can progress
to the Clipper LEAF field, the differential work factor used by Lotus,
and all the other schemes that have been proposed to let the governments
of the world look at nominally-private bits.  The crucial problem --
and one that I and others claim is extremely difficult, and likely
impossible (see http://www.crypto.com/key_study/) -- is to design the
surrounding infrastructure so that it is both efficient and secure
against technical and non-technical attacks.  Sticking a new field
in a certificate message doesn't do anything to change any of that.
