RIP FOR INDIVIDUAL RIGHTS: HOME OFFICE RESPONSE TO UKCRYPTO

Ian G Batten I.G.Batten at ftel.co.uk
Mon, 20 Mar 2000 09:21:15 GMT 

This is a multi-part message in MIME format...

------------=_953544067-5790-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Md5: GkiM/3OgOPC1pUROLRnNCw==

> exchanges will work IF the police could prevent the key-holder from physi=
cally
> revoking the certificate/public key (which, in reality, they probably can=
),

I don't see how, at least not long term.  I realise that the recent Leo
Marks book casts doubt, to put it mildly, on the ``security checks''
used in SOE traffic, but there are a million and one ways you can
imagine for keys to be revoked by third parties, possibly autonomous
ones.=20=20

The obvious thing is an agent that watches a web page, which has updates
made to it in a particular way to forestall automatic revocation.  Or
news postings.  If the ``signing keys are exempt'' clause is valid, my
agent just watches uk.misc, and if I don't post something with a valid
signature for 72 hours, it nukes my keys.  I could have a human
confederate outside the UK watch my postings, and if my style changed,
s/he could issue the revocation manually if required, if I were very
paranoid.=20=20

> 2. Since, by default, most people do not keep ready revocation procedures
> lodged with a trusted third party (Hey, finally found a need for them!), =
this

But they should.  And if that third party is offshore, the provisions of
the RIP are not signficant since most countries will not extradite for
an `offence' that isn't an offence in the local jurisdiction.  An
offshore revocation agency, with a variety of ``I'm OK'' signals
available, would be an interesting proposition, legally and morally.
Once a [interval] you are mailed a piece of text, disguised as spam.
You append a shared secret, which need not be fixed (it could include
today's FTSE-100), MD5/SHA/whatever the whole mess and then use four
chosen bytes as part of the message ID of your reply.

ian

------------=_953544067-5790-0
Content-Type: application/pgp-signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: PGP Information

-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: CjhLbl8lgwQBap4WBXbYnVxdAGK7jecW

iQB1AwUBONXtg8oy0yij3IvtAQG5pQMAl1TGEgNGFS5soIvwvlJohZnAFxo8ApuF
i+NzcPbZToA53/YagjBpXIh+yOOsPTmeG1MNHmgHzebiRRipQ27SG7cdLS65o/9X
ocUipsHAL4IjR9tq6eaowTZlkxj6M3u2
=xDz6
-----END PGP MESSAGE-----
------------=_953544067-5790-0--