TTP Comments

Richard Clayton richard at turnpike.com
Fri, 24 Jul 1998 00:56:09 +0100


In article <199807231136.HAA13153@camel8.mindspring.com>, John Young
<jya@pipeline.com> writes

>Second request: is there a URL for the comments
>on DTI's TTP proposal, and is this summary from 
>"Telecomms Fraud Review" accurate?

    http://www.dti.gov.uk/CII/respons.html

>"DTI Public Consultation paper on Licensing of Trusted 
>Third Parties for the Provision of Encryption Services 
>produced 260 responses, 129 by conventional mail or
>fax and 131 by e-mail. 102 were from organisations and 
>158 from individuals. Many expressed their views strongly.
>Some were very short and some very detailed. Some 
>comments appeared to be based on misconceptions and 
>some respondents seemed not to have fully read the paper. 
>Only a few approved the proposals without qualification.
>However most approved the idea of licensing TTPs, with 
>consumer protection as the main rationale. Most had some 
>criticisms of the document and some rejected it almost 
>entirely."

this is merely para 1 from the document, lifted verbatim

It is accurate as far as it goes. My recommendation (proposed before to
this list) is to read para 12 and add that to any summary...

"12 Many of the more technical responses questioned the effectiveness,
"or even the feasibility, of the key escrow proposals in the paper.
"Comments included:

there then follow seven substantive and generic objections to key escrow
systems....  quite a good summary of the critical technical viewpoint

"   it was wrong to make the assumption that TTPs would normally need to 
"   hold users' private keys; 
"
"   escrowing of private keys is contrary to absolutely basic
"   information security precepts; 
"
"   TTPs would constitute a single point of security vulnerability, and
"   be an attractive target; 
"
"   it was wrong to make the assumption that users would normally have
"   separate key pairs for authentication and confidentiality; 
"
"   it was unclear whether a warrant would result in a session key being 
"   handed over, or a master key of some kind. If the latter, then any 
"   time limit specified in the warrant could be ignored;
"
"   the design, implementation and operation of the systems necessary to
"   make TTPs with key escrow workable would involve an unacceptable 
"   degree of pioneering and complexity; 
"
"   in conventional public key systems, warranted access to a user's
"   private confidentiality key would only enable decryption of their 
"   incoming traffic - to enable decryption of their outgoing traffic 
"   would require a warrant to each of their correspondents' TTPs.

so far we await the DTI's response to these objections. I am beginning
to think they will proceed without ever bothering to deal with the
problem that what they propose is not expected to work.

fortunately we will not *have* to use the licensed systems, but it does
seem a waste of parliamentary time to design a licensing system to label
which systems will be unsafe to use, only exist to comply with the
licensing system, and will not be used by anyone who understands the
issues, or who has been told by their professional body how unethical it
would be to use such a system.

-- 
richard                      richard.clayton    @    T U R N P I K E .com
 http://www.demon.net/news/features/crypto/  for Demon's views on crypto
"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM