[Cryptography] Making scenarios realistic

Ralf Senderek crypto at senderek.ie
Mon Apr 15 13:39:26 EDT 2019



On Mon, 15 Apr 2019, Phillip Hallam-Baker wrote:

> The paper is from 1997. Think about that for a while. Back then we thought that the biggest
> issue any crypto system had to address was how to absolutely guarantee any possibility that the
> FBI could gain any imaginable advantage in any circumstance whether realistic or not.

In 1997 I happened to know people who already tried to broaden the user 
base of PGP keys in an academic environment including the improvisation of 
user interfaces to PGP. But the common mindset was the opposition to key 
escrow in any form, because key escrow is very different from key 
availability/backup which was a pain in the neck back then, and still is.

> [...] we ended up with end-to-end email take up of about 2 million S/MIME and
> 2 million OpenPGP users having registered a key - about -.1% of users. and they use it for maybe
> 1% of their email.

Even if your numbers were correct (in the open source community a handful 
of keys secure the integrity of a large number of OS packages, and almost 
all users are unaware of their "use" of GPG keys) the lesson to be learned 
here is that key management is the problem to be solved. But it has to be 
solved in a way that the user can control himself, not by key escrow.

     --ralf

