[6622] in cryptography@c2.net mail archive
Re: Coerced decryption?
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Sun Feb 13 18:58:58 2000
Message-ID: <007f01bf74fc$104681a0$16006598@asiainter.net>
Reply-To: "Enzo Michelangeli" <enzom@bigfoot.com>
From: "Enzo Michelangeli" <em@who.net>
To: <cryptography@c2.net>
Date: Sat, 12 Feb 2000 09:34:19 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In fact, I must confess that I don't understand the logic behing those law
proposals. In any PK systems, the document is encrypted with the public key
of the *recipient*. Let's suppose that some stranger send me an unsolicited
document encrypted with a key different from mine: how am I supposed to
decrypt it? And can I really be thrown to jail for that??
The only way to enforce such prescriptions would be to outlaw any encryption
not performed using government-mandated cryptosystems and keys issued by
government-regulated CA's. Luckily, that sounds unlikely to be accepted.
Enzo
----- Original Message -----
From: Marc Horowitz <marc@mit.edu>
To: Russell Nelson <nelson@crynwr.com>
Cc: <cryptography@c2.net>
Sent: Saturday, February 12, 2000 2:34
Subject: Re: Coerced decryption?
> Russell Nelson <nelson@crynwr.com> writes:
>
> >> Nobody's mentioned the possibility of an encryption system which
> >> always encrypts two documents simultaneously, with two different keys:
> >> one to retrieves the first (real) document, and the second one which
> >> retrieves to the second (innocuous) document.
>
> The coercer is likely to know you're using such a system (if nothing
> else, ciphertext more than incrementally larger than plaintext is a
> red flag), and will demand both documents. I could conceive of stego
> which might permit this, since large expansion ratios are normal, but
> if you're doing stego, and they're asking for keys, you've already
> lost.
>
> I'm curious how they plan on dealing with perfect forward secrecy.
> Practically, it means they can't usefully demand session decryption,
> which makes the law's usefulness somewhat questionable. Conveniently,
> I can very likely *prove* that I no longer have the key, since the
> software will delete it as soon as the session ends, and my wetware
> never even knew the key.
>
> Marc
>
