[3622] in cryptography@c2.net mail archive
Re: DCSB: Risk Management is Where the Money Is; Trust in Digital Comm
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Thu Nov 12 14:38:53 1998
From: "Enzo Michelangeli" <em@who.net>
To: <cryptography@c2.net>
Date: Thu, 12 Nov 1998 08:28:56 +0800
-----Original Message-----
From: Anonymous <nobody@replay.com>
Date: Thursday, November 12, 1998 4:42 AM
[...]
>> There is one potential fly in this ointment, and I do not intend to
>> dwell on it, but I cannot get this far and not mention the threat to
>> strong security apparati of having them undermined by key escrow.
>
>This is a red herring. The main issues in electronic commerce are
>authentication and authorization, not secrecy and encryption. The latter
>points can be important, but they are not crucial for commerce to proceed
>in the way that binding contractual commitments are. Key escrow does not
>apply to signature keys. No proposal for key escrow asks for signature
>keys to be escrowed. Only encryption keys are escrowed.
Alas, the latest proposals by the Department of Trade and Industry in UK are
to extend legal protection only to digital signatures whose keys are
escrowed with OFTEL (the UK Govt. telecom regulator). See:
http://omnisite.liberty.org.uk/cacib/artview.php3?currentgroup=3&pid=12&type
=resources
Note: OFTEL is a branch of the executive, NOT of the judiciary... To make it
worse, the keys can be obtained by a "senior police officer" (whatever that
may mean), and tipping off someone that his/her key has been obtained by the
police will constitute criminal offense. Be ready to pay for purchases made
by some crooked cop...
I wonder if they have read Rivest's paper on chaffing and winnowing, and
concluded that after all also digital signatures are highly subversive...
Enzo
