[700] in cryptography@c2.net mail archive


Concern over Netscape announcement and GAK

daemon@ATHENA.MIT.EDU (sameer)
Tue May 6 00:37:10 1997

From: sameer <sameer@c2.net>
To: cryptography@c2.net
Date: Mon, 5 May 1997 21:32:23 -0700 (PDT)
Cc: jsw@netscape.com


	I've been made aware by various people at Netscape that they
really are implementing only optional key recovery/OKAY (Optional Key
Access for Yourself, according to Adam) rather than Key Recovery/GAK
as was implied by the recent announcement.

	However, I am concerned that this was enough for Commerce to
grant Netscape export approval for 56 bit DES. They don't want strong
non-GAK cryptography widely deployed. Why, then, would they approve
Netscape's plan to include *optional* key recovery?

	By promoting *optional* key recovery now, an infrastructure is
being built which will make it easy for the government to mandate GAK.
As of now there is no infrastructure for GAK. If the government passed
a law saying everyone must use GAK-crypto, then *no crypto* would be
legal, as there is not much key recovery on the market. If "optional"
key recovery becomes the standard, the government then becomes free to
pass a law mandating GAK. No one will have to stop using their
existing Netscape browsers, mail clients, etc -- all they'll have to
do is make sure they turn "on" the until-now "optional" so-called "key
recovery" option.

	So while I accept that Netscape may not be consciously
planning to implement GAK in their products, the Netscape announcement
is still a very sad thing, as the government has effectively coerced
Netscape into implementing a GAK-future without them even realizing
it.

	(ObPlug: C2Net does all its development offshore, and is not
subject to US government coercion with respect to crypto exports)

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer@c2.net
