[2946] in cryptography@c2.net mail archive
Re: Cisco et. al. to build GAK into routers
daemon@ATHENA.MIT.EDU (Phil Karn)
Mon Jul 13 14:42:51 1998
Date: Mon, 13 Jul 1998 11:24:06 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: cryptography@c2.net
Cc: karn@qualcomm.com
In-reply-to: <199807131630.JAA05635@blacklodge.c2.net> (message from Black
Unicorn on Mon, 13 Jul 1998 11:29:58 -0500)
I just read the Cisco white paper.
They're proposing simply that there be plaintext back doors into
encryption boxes that operate at less than an end-to-end level and are
operated by entities other than the one under investigation.
A good example would be a tunnel-mode IPSEC gateway operated as part
of a company's virtual private network when the target of the
investigation is, say, an employee.
This hardly creates a new vulnerability, at least not in principle.
It merely illustrates a basic security principle we've known for a
very long time: security mechanisms should always be placed as close
as possible to the entities that they protect. And to prevent
conflicts of interest, they should be controlled by the same entities
whose data they are protecting.
In other words, user-controlled end-to-end encryption is the only way
to go, and only a fool trusts someone else to encrypt his data for
him. We've *always* known that.
Tunnel-mode IPSEC is still useful as a way of allowing an employee to
penetrate a corporate firewall from the outside when he travels. But
the user must remember that the encryption here is for the company's
benefit, not his own. Tunnel-mode IPSEC is still no substitute for
end-to-end encryption controlled by the user himself.
Phil
