[466] in cryptography@c2.net mail archive


Re: Analysis of proposed UK ban on use of non-escrowed crypto

daemon@ATHENA.MIT.EDU (A. Padgett Peterson P.E. Informati)
Wed Apr 2 11:15:54 1997

Date: Wed, 2 Apr 1997 10:19:06 -0500 (EST)
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
To: cryptography@c2.net

I suspect that should there be such a law, we will simply see a spate
of tertianary asymmetric keys: a mechanism which will use one key to
encrypt and two keys to decrypt. One public key, one CA key, and a private
key.

There are simply too many ways to circumvent *any* cryptographic law in a
regime which presupposes innocence. The most difficult potentially
being to prove that crypto was used at all - or is zeroing buffer space
also going to be a requirement ?

The next difficulty will be to prove that a specific crypto was used:
XORing with the Federal Register will produce a one-time-pad whose
output is the Federal Register. Is not at all difficult to create a crypto
with two different but intelligible outputs, just so far no-one has
bothered.

Personally think these proposals are "fliers", things so bad that the 
radicals will get hung up on elements the gov could really care less about.
Tricky part is to pick out what complies with the *real* agenda. Licensing
of CAs certainly. Provisions for disclosure. Penalties for failure to 
disclose. But limited to licensed CAs only. Of course only keys
registered with a licensed CA will be recognized in a court of law,
or admissible in any correspondence with the government.

Financial institutions will be quick to sign up and if you want a smart
Barclay/MasterCard/Amex/VISA, guess what ? *That* IMNSHO is the agenda.

				Warmly,
					Padgett (USDA)
		http://www.netmind.com/~padgett
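
Added example, not part of the original post: the one-time-pad observation above, showing why a ciphertext alone cannot establish which plaintext or pad was used. The sample strings and the function names (`otp_encrypt`, `key_for`, `demo`) are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time-pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt under a fresh random pad; returns (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def key_for(ciphertext: bytes, claimed: bytes) -> bytes:
    """Pad under which `ciphertext` decrypts to `claimed`.

    `claimed` is space-padded to the ciphertext length; a longer claimed
    text cannot be explained by this ciphertext and is rejected.
    """
    if len(claimed) > len(ciphertext):
        raise ValueError("claimed plaintext is longer than the ciphertext")
    return xor_bytes(ciphertext, claimed.ljust(len(ciphertext), b" "))


# Constructed sample texts (not taken from the post).
REAL = b"Meet at the usual place at nine."
PUBLIC_TEXT = b"Notice of proposed rulemaking."


def demo() -> tuple[bytes, bytes, bytes]:
    """Return (ciphertext, decryption under real pad, decryption under alternate pad)."""
    real_pad, ct = otp_encrypt(REAL)
    alt_pad = key_for(ct, PUBLIC_TEXT)
    return ct, xor_bytes(ct, real_pad), xor_bytes(ct, alt_pad)


if __name__ == "__main__":
    ct, under_real, under_alt = demo()
    print(ct.hex())
    print(under_real)
    print(under_alt)
```

Both pads are the same length and neither carries any mark of being the "real" one, so an examiner holding only the ciphertext and one disclosed pad cannot tell which decryption was the original message.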
