How to ban crypto?

John R. Levine johnl at iecc.com
Sun Sep 16 22:30:49 EDT 2001


>>The two most common anti-GAK arguments are:
>>   1a) It can't be done well.
>>   1b) If it can't be done well, it shouldn't be done at all.
>>   1c) Specifically, the risk of wholesale key-compromise is too great.

>The basic argument is complexity. ...

For 1c, I always thought the basic argument is human nature.  The
model of GAK is that a nice policeman goes to the GAK vault, shows the
court order or other paperwork, and the clerk gives the policeman the
key to whatever it is he wants to snoop on.  Then the evil terrorist
(or kiddie porn drug runner) shows up without the proper paperwork,
and the clerk doesn't give him the key.  We depend on the clerk to act
correctly in both situations, which over the long run is totally
unrealistic.

A complexity argument is that either you have a separate key on file
for each crypto device, which is a huge record-keeping problem, or you
have a super-key of some sort that the clerk can use to recreate
device keys as needed.  In the former case, you have a large database
that will be very hard to maintain both correctly and securely; in the
second case, you have a single target that's very attractive to bad
guys, and as soon as the superkey is compromised, the whole system is
broken.

Those of us in the computer biz understand how brittle software tends
to be (not just crypto software), but people outside often don't, even
as they reboot their Windows PCs three times a day.

-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
johnl at iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail



---------------------------------------------------------------------
The Cryptography Mailing List
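
The two escrow designs contrasted in the message above, as an added example that is not part of the original post: it measures how much secret material each design keeps on file and how many devices one leaked secret exposes. The HMAC-SHA256 derivation, the class and function names, and the device IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes per key (assumed size)


def derive_device_key(superkey: bytes, device_id: str) -> bytes:
    """Super-key design: recreate a device key on demand.
    HMAC-SHA256 as the derivation function is an assumption."""
    return hmac.new(superkey, b"device-key:" + device_id.encode(),
                    hashlib.sha256).digest()


class PerDeviceEscrow:
    """Database design: one independent random key on file per device."""

    def __init__(self):
        self._records = {}

    def enroll(self, device_id: str) -> bytes:
        self._records[device_id] = secrets.token_bytes(KEY_LEN)
        return self._records[device_id]

    def secret_bytes_at_rest(self) -> int:
        return sum(len(k) for k in self._records.values())


def simulate(device_ids, later_ids):
    """Compare both designs; later_ids are devices made after a leak."""
    # Database design: a leaked record matches only its own device.
    escrow = PerDeviceEscrow()
    issued = {d: escrow.enroll(d) for d in device_ids}
    leaked_record = issued[device_ids[0]]
    db_exposed = [d for d, k in issued.items()
                  if hmac.compare_digest(k, leaked_record)]

    # Super-key design: the one secret regenerates every device key,
    # including keys for devices manufactured after the leak.
    superkey = secrets.token_bytes(KEY_LEN)
    in_devices = {d: derive_device_key(superkey, d)
                  for d in device_ids + later_ids}
    leaked_superkey = superkey
    sk_exposed = [d for d, k in in_devices.items()
                  if hmac.compare_digest(k, derive_device_key(leaked_superkey, d))]
    return {
        "db_secret_bytes": escrow.secret_bytes_at_rest(),
        "db_leak_exposes": len(db_exposed),
        "superkey_secret_bytes": len(superkey),
        "superkey_leak_exposes": len(sk_exposed),
    }
```
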