How to ban crypto?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Sep 18 04:11:00 EDT 2001


"Steven M. Bellovin" <smb at research.att.com> writes:

>The basic [GAK] argument is complexity.  Cryptographic software and key
>exchange protocols are very hard to get right even in simple cases.  If we now
>try to add a new feature, we have to add complexity.  Worse yet, this new
>feature is designed to do something that is not only brand-new, it's something
>that more conventional protocols and implementations are designed to avoid, at
>virtually all costs:  export a copy of the key.  Why do you think we can get
>this right?

There is strong empirical evidence to support the fact that we can't get this
right.  Let's say a GAK infrastructure is two orders of magnitude more
difficult to establish than a PKI (it may be even worse than that, but let's
take that as an estimate - to get a GAK infrastructure going you need, as a
minimum, a fully functional PKI to build on top of).

After 10 years of effort we haven't even managed to get a basic PKI going yet
(what's being practiced today could best be described as "certificate
manufacturing").  I can't see how a GAK infrastructure will ever be practical.

(I once heard a story about someone in the military who suggested that
 security researchers develop a program which could analyse another program to
 see if it would do something malicious.  The response was that the military
 should fund the research and they'd let them know when they had a solution.
 Perhaps this is a way to get funding for further PKI/GAK research).

Peter.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
