About that "Mighty Fortress"... What's it look like?

[David G. Koontz]

On 18/08/10 3:46 AM, Peter Gutmann wrote:
> Alexander Klimov <alserkli at inbox.ru> writes:
> 
>> Each real-time check reveals your interest in the check. What about privacy
>> implications?
>
> (Have you ever seen a PKI or similar key-using design where anyone involved in
> speccing or deploying it genuinely cares about privacy implications?  Not only
> have I never seen one, I've even been to a talk at a conference where someone
> was criticised for wasting time on privacy concerns).


(You may have opened your question too wide).

Privacy against whom?  There were enough details revealed about the key
escrow LEAF in Clipper to see that the operation derived from over the air
transfer of keys in Type I applications.  The purpose was to keep a back
door private for use of the government.  The escrow mechanism an involution
of PKI.

There were of course concerns as evinced in the hearing under the 105th
Congress on 'Privacy in the Digital Age: Encryption and Mandatory Access
Hearings', before the Subcommittee on the Constitution, Federalism, and
Property Rights, of the Committee on The Judiciary, United States Senate in
March 1998.  These concerns were on the rights of privacy for users.

Clipper failed primarily because there wasn't enough trust that the privacy
wouldn't be confined to escrow agents authorized by the Judiciary.  The
Federal government lost credibility through orchestrated actions by those
with conscience concerned over personal privacy and potential government abuse.

Privacy suffers from lack of legislation and is only taken serious when the
threat is pervasive and the voters are up in arms.









---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com