ietf-openpgp

Re: why we are arguing for more resistant variants (Re: Is PGP still private?)

1997-10-19 10:03:59
On Sun, Oct 19, 1997 at 10:25:08AM +0100, Adam Back wrote:

> Toto <toto(_at_)sk(_dot_)sympatico(_dot_)ca> writes:
> > Kent Crispin wrote:
> > > You keep talking as if your CDR proposal is other than vaporware.  So
> > > far as I have seen you don't have a proposal, you have a wish.
> >
> >   Given Adam's many accomplishments in the arena of CypherPunks issues,
> > I find it hard to make a case for his discussion in this area to be
> > mere mental masturbation.
>
> Thanks for the vote of confidence Toto.
>
> Also I must raise the point that it is not a lone stand.  Other people
> are arguing against PGP Inc's CMR proposal, and are arguing for more
> GAK resistant variants, and alternatives.

Apparently for some internal reason you must raise the point, but it
is irrelevant.  I said your *proposals* were vaporware, not your
motivations.  It is, as I have said, a waste of time (and yes, mental
masturbation) to argue about motivations. 

[. citations of famous cryptographers and Kent Crispin snipped .]

> However the biggest point of all is that: communications keys are more
> valuable to any attacker (government, unscrupulous little brother, or
> industrial spy) than storage keys.
>
> I would be interested to see anyone willing to burn their
> reputational capital refuting that simple point.

*Long term* communication keys.  Nobody is going to burn reputation
capital on that point because it's obvious, and really doesn't need to
be argued.  Furthermore the point applies just as well to current PGP
keys.  The *only* additional vulnerabilities of CMR come from 1) the 
volume of data makes it a more interesting target and 2) the 
management of the CMR key(s) may be problematic.  

However, in a large organization the management of *user* keys is
problematic, as well, and management of the CMR key(s), on balance,
will probably be better.  So the additional vulnerability of CMR comes
from the fact that it makes a lot of data accessible from one key. 
This vulnerability could be reduced by having multiple CMR keys -- the
accounting dept has one, the CEO has one, and it is the same as his
private key that is not escrowed anywhere, etc etc etc.

[Is it true that the private key associated with a CMR public key 
could simply be discarded, rather than escrowed, and everything would 
still work? -- except that you couldn't recover anything, of course...]

A more interesting argument is as follows: what is the real level of
security needed for the business communications that will be covered
by CMR? It seems obvious that the level of security required, on
average, is really quite low.  Note that businesses send all kinds of
important documents through regular mail, only protected *gasp* by
PAPER ENVELOPES. 

Anyway, Adam, I anxiously await the paper you are working on that 
gives the real details of your proposals.  I'm sure its readability 
will be vastly improved if you religiously avoid the use of the word 
GAK :-)

-- 
Kent Crispin                            "No reason to get excited",
kent(_at_)songbird(_dot_)com                    the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html