Interesting People mailing list archives
IP: Re: Interactive Week exclusive - White House to launch
From: Dave Farber <farber () central cis upenn edu>
Date: Wed, 22 May 1996 04:05:23 -0400
Date: Wed, 22 May 1996 03:00:12 -0400
To: Dave Farber <farber () central cis upenn edu>
From: "Joseph M. Reagle Jr." <reagle () mit edu>

At 01:15 PM 5/19/96 -0400, Dave Farber wrote:
The "White Paper" (if it exists) from the White House is different from the National Research Report. The NRC is independent from the White House and the Government.
It is real, and Declan McCullagh has already provided a brief summary of his take on the document. Of course, it is a draft and perhaps it is unfair to criticize it too harshly at this point. Also, the author writes in the "govt. tense" but the govt. isn't one monolithic entity. It certainly confirms something someone told me a couple of weeks ago about efforts at the international level for governments to work out agreements between themselves on how to deal with crypto with respect to their security interests. So, taking it as is, I think calling it "Clipper III" is a fair thing to do.

A few thoughts:

- the meat is in the footnotes.
- buzzword compliance: key recovery and Key Management Infrastructure (KMI).
- intro: market forces and government/industry cooperation.
- key bullet points:
    o Certificate authorities will operate within performance standards set by legislation
    o Agreements between governments will serve as the basis for international cross certification.
    o Self-escrow will be permitted under specific circumstances. [1]

    [1] The escrow agency must meet performance requirements for law enforcement access.
- Denning's CACM survey key escrow article and Hoffman's "Building in Big Brother" are cited.
- A lot of talk about "mutually trusted CAs"
  A footnote [4] "A mutually trusted authority is an escrow agent trusted by users to store keys and trusted by law enforcement to provide access upon certification of lawful authority."
  One has freedom to choose any CA, as long as the mutual trust exists.
- At the international level "Law enforcement and some national security concerns would be protected since government agencies would be able to obtain escrowed key pursuant to government-to-government agreements."
- Products can be exported to countries with these agreements.
- Self escrow: "To avoid this risk [of investigations being compromised], independent escrow authorities could be added as another layer. Such a solution would drive up the cost to operate the PKI and drive down the efficiency of conducting public key certification functions, particularly for individual users." [Ok, so independent CAs are "bad" things] "The solution may be a national policy which allows CAs for an organization to be escrow authorities if they can reliably turn over keys in a timely fashion when requested and to protect the confidentiality of any request for escrowed key. To this end, the government should seek legislation that would shield organization certificate authorities from internal pressures in the course of law enforcement investigations." [A "good" thing?]
- provisions for legislation on civil or criminal liability on the commercial/private side.
- gives requirements for KMI: key integrity, key accessibility, key recovery with respect to confidentiality, availability and responsiveness (24 hours) requirements.

So Clipper III is a bit meaner and leaner. If Clipper I would have sunk because of sheer clumsiness, a sleeker ship carrying the same load will now be developed by the free market. The load is the assumption that citizens can be "compelled in any criminal case to be a witness against himself."

_______________________
Regards,
Be nice to people on your way up because you'll need them on your way down. -W. Migner
Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html
reagle () mit edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E