[cryptography] Key escrow 2012

James A. Donald jamesd at echeque.com
Fri Mar 30 22:39:07 EDT 2012


On 2012-03-30 10:10 PM, StealthMonger wrote:
 > -----BEGIN PGP SIGNED MESSAGE-----
 > Hash: SHA1
 >
 > Adam Back<adam at cypherspace.org>  writes:
 >
 >> Not sure that we lost the crypto wars.  US companies export full 
strength
 >> crypto these days, and neither the US nor most other western 
counties have
 >> mandatory GAK.  Seems like a win to me
 >
 > Nope.  If we had won, crypto would be in widespread use today for
 > email.


We did not understand what software was needed, and have not supplied it.

Widespread use of encryption requires end to end encryption.  Mapping 
names to keys is too much work for the end user if it is additional task 
on top of doing what needs doing, so people do not bother.

Need a zooko triangle like system in which your key is your ID.

If key is your ID, need a system that substitutes for DNS which maps 
keys to network addresses.  (Does bitcoin map keys to network 
addresses?.  I don't think it could work unless it does.)

If encryption is end to end, needs to replace tcp with something built 
on top of udp which supports NAT penetration.

So need a DNS and tcp replacement.

And, since committees are always a security hole (the committee always 
comes under hostile state influence) the tcp/DNS replacement needs to 
have an arbitrary and potentially large number of bits identifying the 
protocol, instead of being limited to eight or sixteen bits of protocol 
identification as tcp is, and a potentially multi step protocol 
negotiation allowing client and server to search for a shared protocol 
of a class, so that we can avoid the need for an ICANN

ICANN, and the states it represents, was implicit in thirty two bit 
network addresses and in the eight to sixteen bit protocol identifiers 
of tcp.





More information about the cryptography mailing list