how long will GAK licensing remain `voluntary' (Re: UK crypto policy announcement today at 3:30pm)

Adam Back aba at dcs.ex.ac.uk
Mon, 27 Apr 1998 23:04:18 +0100 

Tim Stammers <tim_stammers@dial.pipex.com> writes:
> DTI has issued 3 page press release and six page detail document. Try Press
> office on 0171 215 5961 for copies.  Says voluntarily licenced CA's will
> offer 'presumption of legal recognition' of signatures AND....(much later
> in detail) 'licenced service providers will be required to make recovery of
> keys possible through suitable storage arrangements.'
> 
> Is this escrow by the back door?

It is out-right GAK or key recovery or whatever the nom de jour is,
yes.  `Key recovery' as in the text you quoted has no meaning for
signature only keys, because you almost by definition do not want to
escrow the private halves of those because that allows forgery.

So they are talking about voluntary licensing, if you license then you
required to escrow private encryption keys to allow snooping of users
communications.

It's voluntary in it's current wording; I predict as long as it
remains voluntary the only people who will register will be a few GAK
sell outs like IBM who would sell out anyway.

Watch out for the `voluntariness' to be eroded over time -- it being
used as the thin edge of the wedge, same as in the US where gradually
FBI rhetoric has been shifting to mandatory (if voluntary doesn't work
-- and it won't work by definition -- mobsters and drug barrons won't
use GAKed systems).

> How many commercially-used encryption packages use the same key for
> signing and encrypting? (or is this unimportant?)

PGP 2.x does, and some others also -- this could be used as a
technical argument against the GAK voluntary licensing nonsense --
from a licensed TTPs point of view: 

  we use one key for both signing and encrypting, if we store private
  encryption key, we have also store private signature key, because it
  is the same key, and now we have diminished the value of signatures
  because they can be forged.

Adam
-- 
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`