[ISN] 1998 "Risks of Key Recovery" report now available (fwd)

From: mea culpa (jerichoat_private)
Date: Wed Jun 10 1998 - 13:56:16 PDT

  • Next message: mea culpa: "[ISN] US Crypto policy hurting American business..."

    Forwarded From: "Jay D. Dyson" <jdysonat_private>
    Courtesy of Cryptography List
    Posted by Matt Blaze <mabat_private>
    In May of last year, a group of 11 cryptographers and computer security
    researchers released a technical study of the risks, costs, and
    complexities of deploying so-called "key recovery" systems proposed by the
    U.S. and other governments.  The report, entitled "The Risks of Key
    Recovery, Key Escrow, and Trusted Third Party Encryption", concluded that
    building a secure, economical key recovery infrastructure of the kind
    required would be "beyond the current competency of the field." 
    In the year since the report was first issued, there has been a great deal
    of government, industry, and research activity toward designing,
    prototyping, and building key recovery systems to meet government or
    commercial requirements.  We have revisited our study to take into account
    the latest work on key recovery and have issued an updated study.  The
    report, published by the Center for Democracy and Technology, was released
    at the 1998 EPIC Cryptography Conference in Washington DC on June 8th. 
    The 1998 edition of "The Risks of Key Recovery" report is now available on
    the web at: 
    >From the report's preface:
      One year after the 1997 publication of the first edition of this
      report, its essential finding remains unchanged and substantively
      unchallenged: The deployment of key recovery systems designed to
      facilitate surreptitious government access to encrypted data and
      communications introduces substantial risks and costs.  These risks
      and costs may not be appropriate for many applications of encryption,
      and they must be more fully addressed as governments consider policies
      that would encourage ubiquitous key recovery.
    The reports authors include Hal Abelson, Ross Anderson, Steven M.
    Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter
    G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, and Bruce Schneier. 
    Version: 2.6.2
    -----END PGP SIGNATURE-----
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:39 PDT