[2948] in cryptography@c2.net mail archive
Re: IETF building GAK into the PKI
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Jul 13 19:21:57 1998
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net, schear@lvcm.com
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Tue, 14 Jul 1998 10:02:52 (NZST)
>>I realise that this is a somewhat emotional issue for most people, so please
>>don't respond by flaming the people responsible for the design.
>Even if these designers arn't flamed, it would be useful for their names to
>be widely known (e.g., when those of us in hiring positions are considering
>their resumes). I can't believe they weren't aware of the consequences of
>their designs.
That may be taking things a bit far... I think the people who designed these
features genuinely weren't aware of how they would end up being (mis)used once
they were in place. I contacted some of the designers (twice) months ago and
expressed my reservations about the GAK-ready design, and also posted a
message to the PKIX list about a week ago, but never got a response - the
(highly politicised) cypherpunk types are used to seeing this sort of thing
coming from various GAK initiatives and can immediately see the dangers in the
design, but I suspect a lot of others genuinely couldn't see why it was a
problem. The PKIArchiveOptions capability is particularly nasty because
unlike, say, Lotus' differential workfactor encryption or similar per-message
backdoors pointed out by Steve Bellovin in a recent message, if use of
PKIArchiveOptions is made mandatory it'll be impossible to obtain an
electronic identity unless you hand over your keys at the same time. Again
using the UK as an example, I'll refer people to the UK requirement for
mandatory government licensing of TTP's (trusted third parties, a kind of CA
superset with GAK functionality built in) which were floated last year and
which are still around in a modified form.
(At some point I must write up a rant about creeping key escrow, it's scary how
many commercial products I'm seeing which are designed so that the keys will
be generated by a central authority, with a copy sent to the user. What's
worse is that the people who end up buying and using the products see this as
perfectly normal, and it often takes a fair bit of explaining for them to see
why this is a bad thing).
Peter.
