DTI Public Consultation Paper on Licensing of Trusted Third Parties for the Provision of Encryption Services - Summary of Responses

Richard Clayton richard at turnpike.com
Mon, 27 Apr 1998 21:18:41 +0100


In article <E0yTqgR-00043a-00@gizmo.lut.ac.uk>, martin@mrrl.lut.ac.uk
writes

>(converted to text from RESPONS.DOC)

I have reformatted this very interesting section of this document
because as a lump it rather loses its effectiveness...

>12. Many of the more technical responses questioned the effectiveness,
>or even the feasibility, of the key escrow proposals in the paper.
>
>Comments included:
>
>   it was wrong to make the assumption that TTPs would normally
>   need to hold users' private keys;
>
>   escrowing of private keys is contrary to absolutely basic
>   information security precepts;
>
>   TTPs would constitute a single point of security vulnerability, 
>   and be an attractive target;
>
>   it was wrong to make the assumption that users would normally
>   have separate key pairs for authentication and confidentiality;
>
>   it was unclear whether a warrant would result in a session key
>   being handed over, or a master key of some kind.  If the latter,
>   then any time limit specified in the warrant could be ignored;
>
>   the design, implementation and operation of the systems
>   necessary to make TTPs with key escrow workable would involve an
>   unacceptable degree of pioneering and complexity;
>
>   in conventional public key systems, warranted access to a user's
>   private confidentiality key would only enable decryption of their
>   incoming traffic - to enable decryption of their outgoing traffic
>   would require a warrant to each of their correspondents' TTPs.

In my opinion, almost any single one of these points would be sufficient
to cause a government which was actually interested in information
security to discard key escrow as a policy.

It was very kind of the DTI to list them (so neatly) for us to study.

Can we add any more to this list before taking this up with the DTI and
asking them to show how these points could possibly be without merit?

One assumes the DTI must have some reason for disagreeing with these
technical observations because otherwise they would not still be
insisting on key escrow:

    para 12 "Licensed service providers that provide encryption services
    will, therefore, be required to make recovery of keys (or other
    information protecting the secrecy of the information) possible
    through suitable storage arrangements."

I look forward with great interest to reading the DTI rebuttal of these
overwhelming objections to their proposed policy.

Fortunately for overall security, the DTI has seen some sense and we
will be able to use unlicensed services, and in the end, the "Licensed
to Leak" systems will, once people understand the risks, wither away. I
foresee great confusion ahead whilst this happens :(

>In addition, the merits of key recovery over key escrow were argued,
>although there were varying understandings of those terms.

Mainly due to weak drafting of the original proposal which treated the
two terms as interchangeable (even going so far as to define them to be
the same in Annex D).

>13. By far the most common single point made against the lawful access
>proposals however, was that the key escrow mechanism might be
>by-passed by criminals etc. who are the authorities' potential
>targets.  Examples of several such by-pass techniques were given.  The
>answer to this objection given in the 'FAQ' section of the paper
>("Criminals will often make use of whatever technology is conveniently
>available to them...") was not considered convincing.  The conclusion
>drawn was that the proposals would bring cost and complexity to
>law-abiding users while not necessarily achieving the results the law
>enforcement authorities want.

Some kind consultant explaining the issues for us.

However, before we take "Licensed to Leak -- and here's what else the
DTI has been told is wrong" as the agenda, and we see how "convincing"
the government can be this year - does the list think that there are
further "technical" points which have been conveniently omitted?

-- 
richard                      richard.clayton    @    T U R N P I K E .com
 http://www.demon.net/news/features/crypto/  for Demon's views on crypto
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM
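Two of the quoted objections about warrant scope (whether a warrant yields a per-message session key or a master key, and why a user's private confidentiality key only opens their incoming traffic) can be seen concretely in a small model of hybrid public-key encryption. The Python below is an added illustration, not code from the original post or from the DTI paper; it uses textbook RSA with tiny hard-coded primes to wrap a session key and a SHA-256 keystream in place of a real symmetric cipher, and the user names, primes, session-key values and messages are all constructed for the example.

```python
"""Toy hybrid encryption model (constructed example, not a real protocol).

Illustrates two objections from the DTI consultation responses:
  (a) a disclosed private confidentiality key opens only *incoming* traffic;
  (b) handing over one session key is far narrower than handing over the
      private ("master") key.
Textbook RSA with tiny primes and a SHA-256 keystream are used only so the
example runs offline with the standard library; they are not secure."""
import hashlib
import secrets

PUBLIC_EXPONENT = 17


def make_keypair(p, q, e=PUBLIC_EXPONENT):
    """Toy RSA keypair (public, private) from two small primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # inverse of e modulo phi(n)
    return (n, e), (n, d)


def key_id(pub):
    """Fingerprint carried in the envelope, like a recipient key ID."""
    return hashlib.sha256(repr(pub).encode()).hexdigest()[:16]


def _keystream(session_key, length):
    """Deterministic keystream derived from the session key (toy construction)."""
    out, counter = b"", 0
    while len(out) < length:
        block = session_key.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def _tag(session_key, plaintext):
    """Integrity tag so a wrong session key is detected instead of yielding garbage."""
    return hashlib.sha256(b"tag" + session_key.to_bytes(4, "big") + plaintext).digest()[:8]


def encrypt_to(recipient_pub, plaintext, session_key=None):
    """Sender wraps a fresh session key under the *recipient's* public key."""
    n, e = recipient_pub
    if session_key is None:
        session_key = secrets.randbelow(n - 2) + 2   # 2 <= k < n
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(session_key, len(plaintext))))
    return {
        "to": key_id(recipient_pub),
        "wrapped_key": pow(session_key, e, n),
        "body": body,
        "tag": _tag(session_key, plaintext),
    }


def unwrap_session_key(priv, envelope):
    """Recover one message's session key, or None if this key was not the recipient's."""
    n, d = priv
    if envelope["to"] != key_id((n, PUBLIC_EXPONENT)):
        return None
    return pow(envelope["wrapped_key"], d, n)


def decrypt_with_session_key(session_key, envelope):
    """Open one envelope given only its session key; None if the key is wrong."""
    if session_key is None:
        return None
    body = envelope["body"]
    plaintext = bytes(a ^ b for a, b in zip(body, _keystream(session_key, len(body))))
    return plaintext if _tag(session_key, plaintext) == envelope["tag"] else None


def decrypt_with(priv, envelope):
    """Open an envelope with a private key (the 'master key' handover case)."""
    return decrypt_with_session_key(unwrap_session_key(priv, envelope), envelope)


def warrant_scope_demo():
    """Alice's private key is escrowed with her TTP. Compare what a handover of
    that key, versus a single session key, lets the authority read."""
    alice_pub, alice_priv = make_keypair(61, 53)   # n = 3233 (constructed)
    bob_pub, bob_priv = make_keypair(71, 67)       # n = 4757 (constructed)

    # Fixed session keys keep the demo deterministic; real senders pick them at random.
    bob_to_alice_1 = encrypt_to(alice_pub, b"incoming #1: Bob -> Alice", 1111)
    bob_to_alice_2 = encrypt_to(alice_pub, b"incoming #2: Bob -> Alice", 2222)
    alice_to_bob = encrypt_to(bob_pub, b"outgoing: Alice -> Bob", 3333)

    # Narrow handover: the TTP unwraps one session key and hands over only that.
    one_session_key = unwrap_session_key(alice_priv, bob_to_alice_1)

    return {
        # The private key opens everything ever addressed to Alice...
        "private_key_opens_incoming_1": decrypt_with(alice_priv, bob_to_alice_1) is not None,
        "private_key_opens_incoming_2": decrypt_with(alice_priv, bob_to_alice_2) is not None,
        # ...but nothing she sent: that was wrapped under Bob's public key.
        "private_key_opens_outgoing": decrypt_with(alice_priv, alice_to_bob) is not None,
        "bobs_key_opens_outgoing": decrypt_with(bob_priv, alice_to_bob) is not None,
        # A single session key opens exactly one message and nothing else.
        "session_key_opens_incoming_1": decrypt_with_session_key(one_session_key, bob_to_alice_1) is not None,
        "session_key_opens_incoming_2": decrypt_with_session_key(one_session_key, bob_to_alice_2) is not None,
    }


if __name__ == "__main__":
    for name, readable in warrant_scope_demo().items():
        print(f"{name}: {readable}")
```

Running `warrant_scope_demo()` shows the asymmetry the respondents described: Alice's escrowed private key opens every message sent to her, before or after the warrant's dates, but opens none of her outgoing messages, which only Bob's key (held by Bob's TTP) can unwrap. Handing over a single unwrapped session key instead opens exactly one message, which is the only form of disclosure under which a warrant's stated limits mean anything.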