[3149] in cryptography@c2.net mail archive
Re: We don't need a PKI to build universal strong encryption
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Wed Aug 5 23:26:42 1998
In-Reply-To: <199808051750.KAA28487@toad.com>
Date: Wed, 5 Aug 1998 20:44:46 -0400
To: John Gilmore <gnu@toad.com>, KDAGUIO@aba.com, cryptography@c2.net
From: "Arnold G. Reinhold" <reinhold@world.std.com>
At 10:50 AM -0700 8/5/98, John Gilmore wrote:
>Arnold Reinhold said:
>> I think what Hambre and FBI Director Freeh really fear is universal strong
>> encryption, where almost everyone's e-mail and even phone calls are
>> strongly encrypted just because they have Windows 2002 installed. Doing
>> that requires a public key infrastructure and that is not so easy to build.
>
>Universal strong encryption does NOT require a public-key infrastructure!
>
>The Diffie-Hellman "key agreement" protocol can agree on keys to
>protect 99.99% of the traffic with no additional public-key crypto,
>and no infrastructure. Widely deployed D-H that then keys Triple-DES
>or some other strong cipher would protect against all passive attacks
>except traffic analysis. It would require specific intervention in
>your phone call with customized equipment -- or physically bugging
>your house -- to recover the contents of the message.
I hope it is clear that I am just trying to explain what I think Mr. Hambre
meant. Your point that a PKI is not technically necessary for universal
strong encryption is well taken. But the government's main concern is not
what is technically possible but what is likely to happen. They fear that
if export controls are lifted, a PKI will quickly emerge for electronic
commerce needs. Universal strong encryption will then be a byproduct.
I agree we should make strong encryption easier, but I do not believe the
majority of the public will use it if it requires even one extra step in
setting up their computer. They might, however, take some extra steps if
their bank holds their hand and offers them a free toaster. E-commerce
drives PKI and PKI leads to universal strong encryption.
Kawika Daguio writes:
>The government's goal is to deny access to the mainstream networked
>economy unless one plays ball according to "the rules." The strategy they
>are following is a pretty good one and the UnderSecretary is dead on on
>the practical issues.
>
>While bad guys may be able to talk to each other, they may make bad
>technology choices, stand out because of the nonstandard nature of their
>security methods, or not be able to conduct secure communications without
>prearrangements. Any of these things happening may lead to wins (perhaps
>small) for the good guys.
>...
I think you are right about the government's goal. But sound technology
guidance is widely available -- from PGP, the ABA (3DES) and, soon, NIST
(AES). If bad guys pre-encrypt using "nonstandard" methods, detecting them
will require wholesale breaking of the approved encryption methods. And how
do bad guys avoid law enforcement traps if they send criminal messages
without prearrangements? "Dear Drugs-R-Us: We saw your web page and would
like to order the $100 coke special. Our SET credentials are attached.
Please ship overnight UPS. Sincerely Bob & Alice."
I am not willing to sacrifice my privacy for occasional small wins for the
good guys.
Arnold Reinhold
Got crypto? http://ciphersaber.gurus.com