Fun_People Archive
27 May
Clipper-III

Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Mon, 27 May 96 23:44:58 -0700
To: Fun_People
Subject: Clipper-III

Forwarded-by: Keith Bostic <bostic@bsdi.com>

Forwarded-by: Phil Agre <pagre@weber.ucsd.edu>

[John Gilmore's analysis of the latest US gov't key escrow proposals,
plus a postscript [also from John].]

From:	IN%"gnu@toad.com"  "John Gilmore" 22-MAY-1996 07:22:01.12

I just read over the Clipper-III paper.  Here's the main scoop.  The
Government is trying to force key escrow on the world by incorporating
it into key certification systems.

They are playing on public ignorance of key certification, and are
trying in some cases to deliberately mislead people into thinking that
key certification and key escrow are the same thing.

Key certification is a way for a third party to declare that a
particular public key "belongs to" a particular identity.  E.g. that
key 85197FB5 really belongs to John Gilmore.  In PGP, people who know
you can "sign" your key to make this declaration.  Then, anyone who
trusts those people will know that your key is really yours.  When
they encrypt mail with public key 85197FB5, they can believe that
only John Gilmore can read it.

Key certification NEVER involves giving anyone a copy of your
*private* key.  Your private key is, and always should be, private to
yourself and nobody else.

Key escrow is a way for governments to get access to your private key
and read your private communications whenever they don't like what you
are doing or saying.  Or for any other reason.  So far, the only
government that is really pushing for this is the US government.
Their published policies for when they will access your key are
disturbingly non-specific.  I believe this is to cover for access by
the spy agencies such as NSA, which the public would not sanction if
it knew their current policies.

Even if the published policy for accessing your escrowed keys required
that a judge issue a warrant based on probable cause to believe a
crime has been committed -- which it doesn't -- that provides no
protection from a government that feels free to make any harmless act
into a crime.  As in the Soviet Union, lofty principles can be written
into the legal documents, but somehow citizens end up without
enforceable rights anyway.  I don't want to see my country go this
route, though it's obviously 80% of the way there already.

Because large-scale key certification systems will to some degree
involve centralization, they provide pressure points where the
government can try to force people to do bad things.  (One thing that
has kept the Internet free is that there was no central place to sue,
arrest, threaten, or otherwise terrorize into submission.)  In this
case, the bad thing they'll try to force is that the central
certification authorities will refuse to certify your key as yours,
even though they know it's yours, unless you first give the government
a copy of your private key.

Foreign relations are important to this policy, since if a significant
number of countries don't adopt this model then it won't work.  (Those
countries will build good crypto and export it, and it will leak out
around the world because of the worldwide demand for real privacy.)
The US is working hard in the OECD, the European Community, and in
one-on-one discussions with other governments, to convince them all to
impose key escrow on their citizens.

That's the scenario laid out by the Clipper-III paper.  It's a pretty
good strategy on their part.  Our job is to make it come out some
other way.

	John Gilmore

PS:  The whole paper is at http://www.eff.org/pub/Privacy/Key_escrow/
Clipper_III/960520_nist_clipper3_paper.draft.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Forwarded-by: John Gilmore <gnu@toad.com>
Subject: Re: clipper iii

[...]

One thing you should add is that digital signatures require key
certification.  A lot more people recognize the term "digital
signature" than "key certification".

The government is trying to hold digital signatures hostage in this
game.  Their paper says that escrow will only be required of "keys
used for confidentiality purposes and not keys used for signing
purposes", but my first take is that there is no practical difference.
An un-escrowed key certification hierarchy for digital signatures can
also be used for confidentiality.

	John
prev [=] prev © 1996 Peter Langston []