[436] in cryptography@c2.net mail archive
Re: Analysis of proposed UK ban on use of non-escrowed crypto.
daemon@ATHENA.MIT.EDU (Michael Froomkin - U.Miami School )
Tue Apr 1 18:09:04 1997
Date: Mon, 24 Mar 1997 13:52:49 -0500 (EST)
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
To: ben@algroup.co.uk
cc: aba@dcs.ex.ac.uk, cypherpunks@cyberpass.net, cryptography@c2.net,
trei@process.com, ttp.comments@ciid.dti.gov.uk, rja14@cl.cam.ac.uk
In-Reply-To: <9703241820.aa19712@gonzo.ben.algroup.co.uk>
On Mon, 24 Mar 1997, Ben Laurie wrote:
> Can we clearly demonstrate that a TTP as defined by the DTI document is not a
> TTP as widely accepted by the crypto community, and therefore its name should
> be changed?
Hmm... I cannot speak to Euro-speak usages, but consider this
(self)-quotation in a discussion of the May 1996 US government paper,
_Enabling Privacy, Commerce, Security and Public Safety in the Global
Information Infrastructure_:
The White Paper proposes that the government promote the development of a
PKI, but it makes key escrow the price of admission:
"To participate in the network a user needs a public key certificate
signed by a CA which "binds" the user's identity to their public key. One
condition of obtaining a certificate is that sufficient information
_(e.g., private keys or other information as appropriate)_ has been
escrowed with a certified escrow authority to allow access to a user's
data or communications."{160}
The italicized portion of this assertion is unique to the White Paper. No
other proposal for a public-key infrastructure currently being discussed
in the U.S. requires that all users divulge their private keys to a CA or
anyone else.{161} On the contrary, while other proposals anticipate that
users seeking an identifying certificate will have to give the CA evidence
of their identity so that the CA can issue the certificate in good faith,
they also make it clear that the user has a duty to safeguard the secrecy
of her private key.{162} The White Paper blurs the difference between
showing a CA a passport or a corporate resolution granting signature
authority to an individual, and giving an outside authority the ability to
intercept all of one's communication.
Source:
http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm#ENDBACK160
A. Michael Froomkin, It Came From Planet Clipper: The Battle Over
Cryptographic Key "Escrow", 1996 Chicago Legal Forum 15, 55-56.
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | "Cyberspace" is not a place.
U. Miami School of Law | froomkin@law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.
