How to ban crypto?

Matt Blaze mab at research.att.com
Sun Sep 16 19:21:52 EDT 2001


John Denker writes:
[regarding key escrow]
> I'm dubious about argument (1) in all its forms.  I suspect that if we 
> wanted to make it work, we could make it work.
[...]
[and]
> 
> 2) There are AFAICT no convincing technical arguments against GAK.
[...]

I'm curious as to your technical basis for saying this.  Certainly when we
studied this in 1997 and 1998 we concluded that while it is may by
possible to create a key escrow system that gives out keys, building one
securely entails significant risks and costs that may preclude the use
of encryption in many applications.  See
	http://www.crypto.com/papers/escrowrisks98.pdf

There were no serious technical objections when we wrote the report
(and there were significant commercial interests trying to sell key
escrow systems at the time).  In what way is the problem easier today
than it was then?

If anything, the key escrow problem has become much harder.  Today,
far more than three years ago, encryption is central to protecting
many aspects of what we call "critical infrastructure", and, although I've
not systematically studied this recently, I suspect it would be far more
difficult to protect many of these applications with a requirement for
key escrow.

That said, I think you may have made an important point with
your third and forth conclusions:

> 3) The ultra-serious crimes such as occurred last week are irrelevant to 
> the GAK debate, and vice versa.
> 
> 4) Therefore it comes down to a routine policy decision:  We get to choose 
> a tradeoff somewhere in the gray area between
>   -- extreme privacy, and
>   -- extremely easy solution of some minor crimes.
> 

-matt






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list