GAK-hostile applications (Re: DTI Policy Response)

[Adam Back]

Ross Anderson <Ross.Anderson@cl.cam.ac.uk> writes:
> [...]. I will continue designing and using GAK-hostile systems; [...]
> 
> By the way, if you want to see a really GAK-hostile system, take a look 
> at the Steganographic File System, on www.cl.cam.ac.uk/~rja14/#Tempest. 
> This is just what the doctor ordered for Mrs Roche's dreaded 
> `decryption warrant'.

What we need in the way of GAK hostile applications to combat these
government communication key grabbing attempts is some GAK-hostile
communications software.

So we could use forward secrecy and textual steganography.

Forward secrecy would be useful because the private components of
communication keys are destroyed as soon as practical after use -- the
warrant delivered next week is thwarted because you can't hand over
the key if you wanted to.

Textual steganography would be useful to add plausible deniability of
existance of private communications (useful as the UK government seems
to be hostile to the notion of private communications:-)

I have been trying to interest Phil Zimmermann and others at PGP in
adding automated support for short lived communication keys to their
client, key server and gateway implementations.

Perhaps someone who is going along to see him at tomorrows meeting
could further persuade him of the merits of forward secrecy :-)

I have a paper online discussing forward secrecy issues with PGP in
the context of their CMR corporate message recovery architecture:

	http://www.dcs.ex.ac.uk/~aba/cdr/

and another on GAK-hostile design principles:

	http://www.dcs.ex.ac.uk/~aba/grdesign/

Also Ian Brown and I have a paper on forward secrecy approaches for
email communications, perhaps he can post a URL.

Adam
-- 
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`