[ISN] 1998 "Risks of Key Recovery" report now available (fwd)

From: mea culpa (jerichoat_private)
Date: Wed Jun 10 1998 - 13:56:16 PDT

Next message: mea culpa: "[ISN] US Crypto policy hurting American business..."

Previous message: mea culpa: "[ISN] Big Step Toward Net Security (IBM/Equifax)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded From: "Jay D. Dyson" <jdysonat_private>


-----BEGIN PGP SIGNED MESSAGE-----

Courtesy of Cryptography List

Posted by Matt Blaze <mabat_private>


In May of last year, a group of 11 cryptographers and computer security
researchers released a technical study of the risks, costs, and
complexities of deploying so-called "key recovery" systems proposed by the
U.S. and other governments.  The report, entitled "The Risks of Key
Recovery, Key Escrow, and Trusted Third Party Encryption", concluded that
building a secure, economical key recovery infrastructure of the kind
required would be "beyond the current competency of the field." 

In the year since the report was first issued, there has been a great deal
of government, industry, and research activity toward designing,
prototyping, and building key recovery systems to meet government or
commercial requirements.  We have revisited our study to take into account
the latest work on key recovery and have issued an updated study.  The
report, published by the Center for Democracy and Technology, was released
at the 1998 EPIC Cryptography Conference in Washington DC on June 8th. 

The 1998 edition of "The Risks of Key Recovery" report is now available on
the web at: 

	<http://www.crypto.com/key_study>

>From the report's preface:

  One year after the 1997 publication of the first edition of this
  report, its essential finding remains unchanged and substantively
  unchallenged: The deployment of key recovery systems designed to
  facilitate surreptitious government access to encrypted data and
  communications introduces substantial risks and costs.  These risks
  and costs may not be appropriate for many applications of encryption,
  and they must be more fully addressed as governments consider policies
  that would encourage ubiquitous key recovery.

The reports authors include Hal Abelson, Ross Anderson, Steven M.
Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter
G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, and Bruce Schneier. 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNX6m/Oe1NzV7EsRFAQG+4gP/RjjIx0bka1t109m6hCng50LufgzbIazy
x3lUZsBNdowOOnF9ox83feyz21gt1/nPBDkC4KBkunLyQUnIEtKVxy+QFM8/9Rx7
wcBUBFVQByjtJsDM0blv/B37K+UPnBT/rPIsj3pPXE+VTv9bv1XPerFtB0T0QmoK
wvjjMJ2oxFY=
=Qpz8
-----END PGP SIGNATURE-----

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

Next message: mea culpa: "[ISN] US Crypto policy hurting American business..."
Previous message: mea culpa: "[ISN] Big Step Toward Net Security (IBM/Equifax)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:39 PDT