Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!crabapple.srv.cs.cmu.edu!fs7.ece.cmu.edu!europa.eng.gtefsd.com!howland.reston.ans.net!wupost!mont!mizzou1.missouri.edu!C445585
From: C445585@mizzou1.missouri.edu (John Kelsey)
Subject: Re: Once they get your keys....
Message-ID: <16BBAC7D3.C445585@mizzou1.missouri.edu>
Sender: news@mont.cs.missouri.edu
Nntp-Posting-Host: mizzou1.missouri.edu
Organization: University of Missouri
References: <930424031634.176183@DOCKMASTER.NCSC.MIL> <strnlghtC5z0pw.BLH@netcom.com>
Date: Sat, 24 Apr 93 14:12:10 CDT
Lines: 25

>In article <930424031634.176183@DOCKMASTER.NCSC.MIL> Grant@DOCKMASTER.NCSC.MIL (Lynn R Grant) writes:
>
>About 50 people so far have asked, "Once the FBI gets your Clipper keys,
>won't they be able to read all your future and past traffic?"
>
>There has been no response from NIST, NSA, Ms. Denning, Mr. Hellman, or
>anyone else who might be able to give us an authoritative answer.
>This is troubling.
 
   It was implied in the first technical posting by Dorothy Denning that the
FBI would do the decryption *for* the law enforcement agencies.  It wasn't
clear to me from the post whether this would be done in realtime or not, or
whether the FBI would just decrypt the session keys for the locals, or would
do the whole message.
 
   One thing I'm a bit puzzled by:  Why aren't they doing this with a public
key scheme of some sort?  You could generate two uniqe public/private pairsor
for each chip.  Then, escrow the private keys with the escrow agencies.  Set
the protocol up to encrypt the session key with both public keys.  To decrypt
a message, both escrow agencies (in the right order, for most PK schemes)
have to decrypt with the escrowed private key.  This way, there wouldn't be
thecconcern that, once the police had asked fo  a warrant/wiretap, they
would have your key forver.
 
   --John Kelsey
