[cryptography] Key escrow 2012

Adam Back adam at cypherspace.org
Fri Mar 30 03:45:10 EDT 2012


As I recall people were calling the PGP ADK feature corporate access to
keys, which the worry was, was only policy + config away from government
access to keys.

I guess the sentiment still stands, and with some justification, people are
still worried about law enforcement access mechanisms for internet &
telecoms equipment and protocols being used in places like Syria, Iran etc,
which is a quite similar scenario.

And as we all know adding key recovery and "TTPs" etc is a risk, cf
"The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption"
by Abelson, Anderson, Bellovin, Benaloh, Blaze, Diffie, Gilmore, Neumann,
Rivest, Schiller & Schneier.

http://www.crypto.com/papers/key_study.pdf

Not sure that we lost the crypto wars.  US companies export full strength
crypto these days, and neither the US nor most other western counties have
mandatory GAK.  Seems like a win to me :)

Adam

On Fri, Mar 30, 2012 at 12:24:47PM +1100, ianG wrote:
>On 30/03/12 09:38 AM, Jon Callas wrote:
>
>>Also, there wasn't a PGP system. The PGP "additional decryption key" is really what we'd call a "data leak prevention" hook today, but that term didn't exist then. Certainly, lots of cypherpunks called it that at the time, but the government types who were talking up the concept blasted it as merely a way to mock (using that very word) the concept.
>
>
>
>And therein lies another story!  Which always seems to end:  and then 
>we lost the crypto wars.  I treat it as a great learning experience.
>
>
>
>iang
>_______________________________________________
>cryptography mailing list
>cryptography at randombit.net
>http://lists.randombit.net/mailman/listinfo/cryptography



More information about the cryptography mailing list