[589] in cryptography@c2.net mail archive


RE: Escrow agencies closed?

daemon@ATHENA.MIT.EDU (Bill Stewart)
Sat Apr 19 16:45:31 1997

Date: Sat, 19 Apr 1997 12:39:55 -0700
To: smith@securecomputing.com (Rick Smith)
From: Bill Stewart <stewarts@ix.netcom.com>
Cc: "cryptography@c2.net" <cryptography@c2.net>
In-Reply-To: <v01540b01af7ea085df74@[172.17.1.61]>

>>I like the idea that someone, probably NSA, found a fatal flaw in the key
>>"escrow" portion of the protocol, and they are trying to prevent other
>>governments from GAKing their data.  But then, I am a wide-eyed optimist.
>
>In other words, situations were developing in which the govt couldn't
>recover keys. I'm positive that's the inevitable result of any key recovery
>scheme, given enough calendar time. Security properties are notoriously
>hard to ensure in the real world.

There are two obvious things that can go wrong with a key "escrow" system:
1) Keys get stored, but can't be recovered - Usually not serious,
	but usually only discovered when you really want them,
	but even that's only serious for backups, not for eavesdropping.
	On the other hand, backup tapes often go bad, too.
2) Keys get stored, and then leak.  Always potentially serious,
	and often not discovered.  The military gets REALLY, REALLY UPSET
	about this sort of thing.

Then, of course, there's the problem that they're tired of spending the
money maintaining a "key escrow" system strong enough to prevent problem 2,
when the main reason for it was to try to promote the "key escrow" market
among civilian cryptographic use.  Clipper's dead.  Clipper 3 or Clipper 4
may be not dead yet, but they don't need a military Clipper/Capstone
infrastructure as a smokescreen; Louis Freeh can try to pay for that....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)

