[3146] in cryptography@c2.net mail archive
We don't need a PKI to build universal strong encryption
daemon@ATHENA.MIT.EDU (John Gilmore)
Wed Aug 5 14:14:39 1998
To: cryptography@c2.net, gnu@toad.com
In-reply-to: <v03130302b1ee226908ad@[24.128.118.45]>
Date: Wed, 05 Aug 1998 10:50:14 -0700
From: John Gilmore <gnu@toad.com>
Arnold Reinhold said:
> I think what Hambre and FBI Director Freeh really fear is universal strong
> encryption, where almost everyone's e-mail and even phone calls are
> strongly encrypted just because they have Windows 2002 installed. Doing
> that requires a public key infrastructure and that is not so easy to build.
Universal strong encryption does NOT require a public-key infrastructure!
The Diffie-Hellman "key agreement" protocol can agree on keys to
protect 99.99% of the traffic with no additional public-key crypto,
and no infrastructure. Widely deployed D-H that then keys Triple-DES
or some other strong cipher would protects against all passive attacks
except traffic analysis. It would require specific intervention in
your phone call with customized equipment -- or physically bugging
your house -- to recover the contents of the message.
If you want to make that 100x as secure, you can have the two sides
authenticate each other with a public key they remember from session
to session (as SSH does). When you call Joe, your phone starts
shrieking if Joe's suddenly got a different public key than he did the
last time you called him.
If you want to make it another 1000x as secure as that, then you need
a public-key infrastructure.
But let's do steps one and two first -- there is NOTHING the government
can do to stop us!
> So they feel they still have time to influence how it is designed.
So do we. And we're in the heart of the industry that's building
these products.
John
