[Moderator: Back from a business trip, lots of recent submissions. Will try to stagger them somewhat..] Forwarded From: Nicholas Charles Brawn <ncb05at_private> 18Jun98 UK: EXPERTS CRITICISE 'TOO RISKY' KEY RECOVERY. By David Bicknell Cryptographic experts have repeated their criticism of key recovery encryption systems, claiming the current design remains "technically challenging" and risk and costs are "poorly understood". They insist in a report, The risks of key recovery, key escrow and trusted third party encryption, that government demands for law enforcement access similar to that required in the recent UK government document on trusted third party services will also substantially amplify the associated costs and risks. The authors admit that this year has seen a wide range of government, industry and academic attempts to prototype and standardise key recovery systems. This has been prompted by US government policies that offer favourable treatment to firms that agree to designing key recovery features into products, and by UK moves to link the licensing of certification authorities to the use of key recovery software. But the specialists, who include Whit Diffie, Ron Rivest, Peter Neumann and Cambridge University's Ross Andersen, claim that although the importance of cryptography has gained broader recognition in the past year, their views on its implementation in key recovery systems remains unchanged from a report published a year ago (www. cdt.org/crypto/ risks98). They suggest there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate the potential for crime and information terrorism. Through the key holes, p36 "Increasing the number of people with authorised access to the critical infrastructure will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption," the experts said. COMPUTER WEEKLY 18/06/98 P12 -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:36 PDT