[3086] in cryptography@c2.net mail archive
Geer's Law of Good and Easy offers a political solution?
daemon@ATHENA.MIT.EDU (John Gilmore)
Sun Jul 26 19:35:54 1998
To: Dan Geer <geer@world.std.com>
cc: "P. J. Ponder" <ponder@freenet.tlh.fl.us>, cryptography@c2.net,
gnu@cygnus.com
In-reply-to: <199807261440.AA08891@world.std.com>
Date: Sun, 26 Jul 1998 14:33:40 -0700
From: John Gilmore <gnu@toad.com>
Dan Geer today stated what looks to me like a Law of Good and Easy:
> You can have good crypto or you can have easy crypto
> but you cannot have good, easy crypto.
This is an interesting observation. Even if we believe this, we
clearly have much further to go in making crypto EITHER easy OR good,
so there's no shortage of work to do.
But this observation might be the salvation of the most defensible of
the FBI/NSA interests. Suppose we deploy strong but easy (rather than
strong and good) crypto, such as automatic Diffie-Hellman key
establishment, but with only occasional and intermittent
authentication by humans. If this became widespread end-to-end (or
even firewall-to-firewall) then mass surveillance would take a lot of
work and get detected if anyone cared to look. But it would still be
possible to cost-effectively mount an active attack against particular
suspects, if they were a small and non-paranoid fraction of the
population.
The paranoid among us would be using strong authentication and crypto
end-to-end, that logs failures into a permanent log which we actually
read, so we'd notice attempts at active attacks if they were common.
The vacuum cleaner guys could try to avoid probing the paranoid, while
attacking everyone else, but there'd be a certain percentage of
detectable mistakes, particularly if we made the well-checked
authenticated stuff look just like the easy automatic D-H from the
outside.
This might be a way to prolong the current "balance of interests",
more or less, while protecting the communications of the vast majority
of honest or harmless citizens from each other and from the
government.
John
