[3648] in cryptography@c2.net mail archive
Re: DCSB: Risk Management is Where the Money Is; Trust in Digital Comm
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Fri Nov 13 14:58:30 1998
From: "Enzo Michelangeli" <em@who.net>
To: "Ian BROWN" <I.Brown@cs.ucl.ac.uk>
Cc: "cryptography" <cryptography@c2.net>
Date: Fri, 13 Nov 1998 19:47:19 +0800
Uhm, I see. But in that case, what happens if someone gets a (non-escrowed)
DSA cert, and uses it for a secure web server only supporting the
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite (ephemeral Diffie-Hellman
authenticated with DSS)? Strong, MIM-attack-resistant, and required by TLS
for minimum compliance (and, HOPEFULLY, some day supported by popular
browsers...)
This won't work for S/MIME v.3, because the recipient will anyway need a D-H
certificate as well, but for SSL it appears to present a large loophole to
the pro-escrow legislation.
Enzo
-----Original Message-----
From: Ian BROWN <I.Brown@cs.ucl.ac.uk>
To: Enzo Michelangeli <em@who.net>
Cc: cryptography <cryptography@c2.net>
Date: Friday, November 13, 1998 7:11 PM
Subject: Re: DCSB: Risk Management is Where the Money Is; Trust in Digital
Comm
>>Alas, the latest proposals by the Department of Trade and Industry in UK
are
>>to extend legal protection only to digital signatures whose keys are
>>escrowed with OFTEL
>
>Much as I dislike the DTI's proposals, it is more complex than that.
>"Licensed" CAs do not have to escrow signature-only private keys when they
>certify the corresponding public key. But if a certified public key can be
>used for encryption and not just signature verification, the corresponding
>private key must be escrowed, and available to law enforcement within an
hour
>of a warrant being presented to the CA. Cue mass switch from RSA to DSA...
>
>Oh, and CAs aren't allowed to be licensed for certifying signature-only
keys
>but unlicensed for certifying encryption-capable keys.
>
>The DTI are trying to intimate to judges that signatures checkable with
>certificates from licensed CAs should be given a stronger presumption of
>validity than those from unlicensed CAs. But the draft European Commission
>directive on electronic signatures explicitly prohibits member states from
>doing this. Could be an interesting battle.
>
>Ian :(
>
>
