plaintext vs private/session keys (Re: What has really changed ...)

[Adam Back]

Alistair Kelman writes:
> Provided that you can satisfy the authorities that the plaintext really is 
>  decrypted from the cyphertext then fine. I presume that this could be 
> done by encrypting the plaintext using the public key. 

This has already been discussed several times: disclosing plaintext in
such a way that it can be verified to be the correct plaintext
corresponding to the seized ciphertext is effected by disclosing the
session key.

> I refrained from putting it this way because the law tries to limit 
> specific performance. Requiring a citizen to hand over his key, on the 
> face of it, appears to be a lessor act than requiring the citizen to use 
> his key to decrypt a particular message. 

Huh?  Handing over session keys is effectively equivalent to handing
over plaintext; and handing over private keys is a lot more intrusive
than handing over session keys because it reveals all past comms
encrypted with the key.  I don't see how you can claim handing over
keys is 'lessor act' than handing over plaintext.

> The option for the citizen to perform the decryption without handing
> over his key should be included in the legislation.

As Brian and others speculated I expect you will find that this
doesn't fit into the world view of those drafting the regulations.  I
expect they specifically want private keys *so* that they can decrypt
past, and possible future traffic.

Adam