IP: Final version of "Risks of Key Recovery" report now

[David Farber <farber () cis upenn edu>]

Date: Thu, 29 May 1997 00:04:41 -0400
From: Matt Blaze <mab () research att com>


The final (27 May 1997) version of the report ``The Risks of Key
Recovery, Key Escrow and Trusted Third-Party Encryption'' is now
available.  The report, by Hal Abelson, Ross Anderson, Steve Bellovin,
Josh Benaloh, Matt Blaze, Whit Diffie, John Gilmore, Peter Neumann,
Ron Rivest, Jeff Schiller, and Bruce Schneier examines the technical
implications, risks, and costs of the ``key recovery,'' ``key escrow''
and ``trusted third-party'' encryption systems being promoted by
various governments.  A preliminary version of the report was released
last week; the final version is now available.


The report is available as online as follows:


On the web at:
   http://www.crypto.com/key_study


In PostScript format via ftp:
   ftp://research.att.com/dist/mab/key_study.ps


In plain ASCII text format via ftp:
   ftp://research.att.com/dist/mab/key_study.txt


Abstract:


A variety of ``key recovery,'' ``key escrow,'' and ``trusted
third-party'' encryption requirements have been suggested in recent
years by government agencies seeking to conduct covert surveillance
within the changing environments brought about by new technologies.
This report examines the fundamental properties of these requirements
and attempts to outline the technical risks, costs, and implications
of deploying systems that provide government access to encryption keys.