[ISN] Experts Criticise 'Too Risky' Key Recovery

From: mea culpa (jerichoat_private)
Date: Wed Jun 24 1998 - 21:44:29 PDT

  • Next message: mea culpa: "[ISN] Managing - Cyberscares - E-Mail Hoaxes Press 'Aggravate' Button"

    [Moderator: Back from a business trip, lots of recent submissions. Will
     try to stagger them somewhat..]
    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    By David Bicknell
    Cryptographic experts have repeated their criticism of key recovery
    encryption systems, claiming the current design remains "technically
    challenging" and risk and costs are "poorly understood".
    They insist in a report, The risks of key recovery, key escrow and trusted
    third party encryption, that government demands for law enforcement access
    similar to that required in the recent UK government document on trusted
    third party services will also substantially amplify the associated costs
    and risks.
    The authors admit that this year has seen a wide range of government,
    industry and academic attempts to prototype and standardise key recovery
    This has been prompted by US government policies that offer favourable
    treatment to firms that agree to designing key recovery features into
    products, and by UK moves to link the licensing of certification
    authorities to the use of key recovery software.
    But the specialists, who include Whit Diffie, Ron Rivest, Peter Neumann and
    Cambridge University's Ross Andersen, claim that although the importance of
    cryptography has gained broader recognition in the past year, their views
    on its implementation in key recovery systems remains unchanged from a
    report published a year ago (www. cdt.org/crypto/ risks98).
    They suggest there is a significant risk that widespread insertion of
    government-access key recovery systems into the information infrastructure
    will exacerbate the potential for crime and information terrorism.
    Through the key holes, p36
    "Increasing the number of people with authorised access to the critical
    infrastructure will increase the likelihood of attack, whether through
    technical means, by exploitation of mistakes or through corruption," the
    experts said. 
    COMPUTER WEEKLY 18/06/98 P12 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:36 PDT