Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!das-news.harvard.edu!noc.near.net!howland.reston.ans.net!gatech!ncar!csn!yuma!holland
From: holland@CS.ColoState.EDU (douglas craig holland)
Subject: Re: Secret algorithm [Re: Clipper Chip and crypto key-escrow]
Sender: news@yuma.ACNS.ColoState.EDU (News Account)
Message-ID: <Apr18.204843.50316@yuma.ACNS.ColoState.EDU>
Date: Sun, 18 Apr 1993 20:48:43 GMT
References: <16695@rand.org> <16696@rand.org> <strnlghtC5LGFI.JqA@netcom.com>
Nntp-Posting-Host: beethoven.cs.colostate.edu
Organization: Colorado State University, Computer Science Department
Keywords: encryption, wiretap, clipper, key-escrow, Mykotronx
Lines: 53

In article <strnlghtC5LGFI.JqA@netcom.com> strnlght@netcom.com (David Sternlight) writes:
>
>Though some may argue about the nose of the camel, it's worth noting that
>the government proposal is limited to scrambled telephony. If it is only
>used for that purpose, and does not extend to electronic mail or file
>encryption, then it IS an improvement over the current mass-produced
>standard civilian technology which, with a few exceptions, is limited to
>easy-to-break inverters.
>
>Note that the big issue for the feds is the continued ability to wiretap.
>Before we go off the deep end with long discusions about secure crypto for
>e-mail and files, let's focus on this.
>
>One question that was not asked in the release is whether this proposal is
>limited to telephony, or if the government intends to expand it.
>
>Though I share many of the concerns expressed by some, I find the proposal
>less threatening than many others, since right now most Americans have no
>secure telephony, and any jerk with a pair of clip leads and a "goat" can
>eavesdrop. This would also plug up the security hole in cellular and
>cordless phones.
>
>-------
>
>Reading between the lines, I infer that the system is highly secure
>without access to the keys. This would meet the needs of U.S. businesses
>confronted by rich and powerful adversaries, including French and Japanese
>security services and rich Japanese companies. It allows the NSA to make
>available some of its better stuff while protecting law enforcement needs.
>
>Most legitimate U.S. corporations trust the NSA, and would be delighted to
>have a high-security system certified by them, even at the price of
>depositing keys in escrow. I see no difficulty in creating a reliable
>escrow. Corporations entrust their secrets to attorneys every day of the
>week, and that system has worked pretty well.
>
>From my point of view this is a fair starting point. There are concerns that
>need to be addressed, including the reliability of the escrows. But in
>return we get access to high-security crypto. Many have suggested that DES
>and other systems may be breakable by the NSA and hence others similarly
>skilled and endowed. There is at least a good possibility (which should be
>checked) that the proposed system is not so breakable. It doesn't have to
>be, nor does it have to have trapdoors, if the government can get the keys
>pursuant to a legitimate court order. Thus they can protect legitimate
>communications against economic adversaries, while still being able to
>eavesdrop on crooks pursuant to a court order.
>
	Let me ask you this.  Would you trust Richard Nixon with your
crypto keys?  I wouldn't.

						Doug Holland


