DTI Policy Response
Charles Lindsey
chl at clw.cs.man.ac.uk
Thu, 30 Apr 1998 15:21:53 +0100
On Thu, 30 Apr 1998 11:43:02 +0100
Richard Clayton <richard@turnpike.com> said...
> I cannot imagine Barclays (for example) being too keen to hand over
> their private keys to a Detective Sergeant merely because one encrypted
> message came from a bad guy.... They will (possibly even willingly) be
> prepared to hand over the session keys or plaintext -- but if they have
> used a licensed TTP then the dishonest (or just lazy) Detective Sergeant
> may go there first, and the TTP will _only_ have the private keys to
> hand over.

Actually no. The TTP has the same options as Barclays. It can offer
to decrypt any message supplied to it by the warrant holder or, more
likely, to provide the session key for any message supplied to it (for
which purpose it only needs to be given the header of the message, so it
does not get to read the plaintext). And it can probably provide this
service to the warrant holder in a timely manner once it is satisfied of
the authenticity of the warrant.

BTW, I see no mention in the proposals of the likelihood that a TTP
obeying "best practice" would hold only a part of the secret key, with
other TTPs holding the other parts of it. The Statement does not seem to
take this possibility into account.

Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
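
The two mechanisms mentioned in the message above (releasing only a session key, given only the message header, and a private key held in parts by several TTPs) can be sketched together; this is an added example, not part of the original post or of any DTI proposal. It assumes textbook RSA without padding over two fixed Mersenne primes and a SHA-256 keystream as stand-ins for real algorithms, two TTPs holding additive shares, and hypothetical function names throughout.

```python
import hashlib
import secrets

# Toy parameters (constructed): two Mersenne primes give a 216-bit modulus.
P, Q = 2**127 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # recipient's long-term private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(plaintext: bytes):
    """Sender: fresh 128-bit session key, wrapped in the header under (N, E)."""
    session_key = secrets.token_bytes(16)
    header = pow(int.from_bytes(session_key, "big"), E, N)
    return header, keystream_xor(session_key, plaintext)

def split_private_key():
    """Deposit additive shares of D with two TTPs; neither share alone is D."""
    share_a = secrets.randbelow(PHI)
    return share_a, (D - share_a) % PHI

def ttp_partial(header: int, share: int) -> int:
    """One TTP's answer to a warrant: it is given the header, never the body."""
    return pow(header, share, N)

def recover_session_key(partials) -> bytes:
    """Warrant holder multiplies the partial results to get the session key."""
    m = 1
    for part in partials:
        m = m * part % N
    return m.to_bytes(16, "big")
```

The private exponent is never reassembled anywhere, and the key that comes out opens only the message whose header was submitted.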