|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Sun, 13 Feb 1994 11:41:19 -0500 (EST) From: Miles R Fidelman <fidelman@civicnet.org> To: com-priv@psi.com Some thoughts re. CLIPPER: Two basic propositions: Even if CLIPPER provides excellent security, and the government is completely above board in its key escrow technology: i. rightly or wrongly, very few people will trust government managed cryptography -- there have been enough concerns raised about government -managed key generation -- key escrow just raises more concerns ii. alternative cryptographic technology is sufficiently available to anyone who really wants it - and since it can be implemented in software, there is really no way to keep it out of people's hands Conclusions that I draw from the above: i. the "bad guys" (drug lords, stock swindlers, name your favorite) will have all the privacy they want ii. if non-CLIPPER technology remains legal, anyone with high value information (e.g. trade secrets) will use an alternate technology iii. if non-CLIPPER technology is outlawed, then a lot of people may not bother with security at all iv. in any case, we all lose, for the following reasons: -- cryptography actually provides several services, the main ones being confidentiality (you can't see what I send), authentication (this really came from me), integrity (what you're reading hasn't been changed in transit) -- for many (most?) business applications, authentication and integrity are far more important than confidentiality -- for widespread use of the net for conducting any kind of business, we will need to have not just communiations interoperability, but cryptographic interoperability as well -- for example we all need to use the same digital signature scheme or we're dead in the water so... -- with CLIPPER and no legal alternatives, the bad guys will use what they want and the rest of us won't trust the crypto so we won't use any -- with the result that electronic commerce won't get very far -- with CLIPPER and legal alternatives, the government will be using its standard setting role to push an unpopular system, the various alternatives will all be proprietary, so again we probably won't get any real interoperability (though the track record of tcp/ip despite the governments push toward OSI provides a counterexample) leading to the question: what, if anything would CLIPPER really accomplish? Miles ************************************************************************** Miles R. Fidelman mfidelman@civicnet.org Executive Director 91 Baldwin St. Charlestown MA 02129 The Center for Civic Networking 617-241-9205 fax: 617-241-5064 Check out our gopher server: CCN - The Center for Civic Networking on the list of all gopher servers in the world. Information Infrastructure: Cyberspace is Civic Space Public Spaces for the 21st Century **************************************************************************
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |