[482] in cryptography@c2.net mail archive
Re: Analysis of proposed UK ban on use of non-escrowed crypto.
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Apr 3 14:23:31 1997
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net, cypherpunks@cyberpass.net,
ttp.comments@ciid.dti.gov.uk
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Thu, 3 Apr 1997 13:18:36 (NZST)
[Warning: Vague ramblings about semantics follow]
Ben Laurie writes:
>Can we clearly demonstrate that a TTP as defined by the DTI document is not a
>TTP as widely accepted by the crypto community, and therefore its name should
>be changed?
I think the term TTP, like key escrow, has been "poisoned" by its misuse by
certain governments to the extent that it can't be used to mean "trusted third
party" - it's just another euphemism for GAK, just like key escrow became just
another euphemism for GAK. I doubt it'll be possible to substitute some other
term for TTP, because the UK government appears to have designated "TTP" to be
their particular GAK synonym. I've been waging a (successful, I hope) battle
here to get people to use the term CA instead TTP, which is a pity because TTP
is more understandable to the masses. Terms like CA, however, are well-
established enough to make it difficult to turn them into just another name for
GAK.
Maybe it would be a good idea to launch a counterstrike by releasing a proposal
to counter the TTP one, which includes a term similar to TTP but without the
GAK connotations (I'll refer to it as non-GAK TTP, NGTTP, because I can't think
of anything appropriate at the moment). Instead of just reacting to the TTP
proposal, provide a counter-proposal to plant the NGTTP meme, and then
continually emphasize that TTP = bad, NGTTP = good. This has happened to some
extent with the appearance of a number of research papers and news stories
which (presumably deliberately) refer to "key recovery attacks" (rather than
alternatives such as "cryptanalysis"). Tactics like this will make it somewhat
difficult for governments to push "key recovery" - if Joe Sixpack remembers
that key recovery is what hackers do to cellphones, he'll be less than
enthusiastic when the government wants to do the same thing to him. Similarly
if you can plant the idea that TTP = big brother whereas NGTTP = the sensible
solution, it'll make it easier to bring the whole thing to the masses.
Peter.
