How to proceed? (was What has really changed)

Nicholas Bohm nbohm at ernest.net
Sat, 14 Aug 1999 11:01:54 +0100 

At 05:57 PM 8/13/1999 +0100, Charles Lindsey wrote:
>	On Fri, 13 Aug 1999 12:56:59 +0100
>	"Brian Gladman" <gladman@seven77.demon.co.uk> said...

[snip]

>> I believe that allowing any form of access to keys in the Bill will be
>> dangerous because of the difficulty of legally defining the properties of
>> cryptographic keys in a way that protects some from access while allowing
>> others to be obtained.
>
>Well I had a long read of the Bill on a train journey this week, and I
>think a wording to cover this could be made.

A procedure is needed more than wording.  The requirement to disclose a key
is already capable of being satisfied by a session key under the existing
definitions.  But the keyholder can only produce a session key when in
possession of the ciphertext, so there needs to be a procedure under which
the obligation to disclose the key is conditional on prior delivery to the
keyholder of the ciphertext unless he waives the condition because he has
the ciphertext in his possession.

The objective this will not meet is real-time decryption of future messages
using a disclosed key.  If, as I think, publishing a key revocation is not
enough to constitute the tipping off offence, then that objective is not
realisable.  Even if revocation is an offence, with the resulting offensive
absurdities that have been explored in this list, covert tipping off (e.g.
by a previously agreed omission of a usual greeting, etc) will render the
objective liable to frustration in all but the trivial cases.

My central point is that all this will have to be argued through in
substance, and that wording issues are minor.

>At any rate, I think it is time we stopped talking generalities on this
>list and got down to making constructive suggestions. We have to make
>comments by October 8th, and the difference this time (since we have the
>hard text of a bill) is that it makes sense to propose detailed textual
>amendments and to propose specific wordings.

I think it is more useful to propose changes by reference to the effect
intended.  If accepted in substance, the Government never accepts anyone
else's wording, however good, because it was Not Invented Here.  We are not
yet at the point of proposing amendments for MPs to put down.

>But may I suggest that what we really need is a small cross-party group
>of MPs with sufficient clue to get to grips with the technicalities
>of this bill. If it come to the point where the bill as it currently
>stands is the one put before parliament, then such a group of MPs
>would be essential in order to table such amendments (though hopefully
>representations made before October 8th will have achieved some
>improvements).

The Trade and Industry Select Committee is very much what you are describing.

Regards,

Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 871272	(+44 1279 871272)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF