Trustworthy contacts

John Young ukcrypto at maillist.ox.ac.uk
Sun, 10 Sep 2000 13:08:09 -0400


Brian,

In the light of your advocacy of close looks at any public
crypto that you would trust, what is your opinion of the
AES candidates? Do you think the one selected will
be reliable for public use, that is, to get down to brass
tacks, would you trust it for your personal use? Or would
you be suspicious because of who is running the
contest and making the selection?

To restate the perhaps obvious, crypto trustworthiness for
government use does not guarantee it is trustworthy
for private use, although the two are at times conflated,
at least by those who trust governments to do the right
thing in protecting private matters.

As more is learned of past governmental abuses of
public trust, and current plans to betray it more openly 
with RIP, Carnivore, and similar programs, is it inevitable
that what is considered trustworthy by governments will
be untrustworthy by those outside of government?

AES in some places is advanced as a solution to this
dilemma, and it would be swell to have the inventors
of the candidate algorithms state in public how they
see the public trustworthiness prospects for their work
now that intrusive surveillance and interception programs 
have burgeoned worldwide since the AES contest
began.

These statements could provide a standard for comparison 
with the tarnished prospects for PGP -- or for that matter
any other program which offers assurances that "even 
governments cannot violate your privacy if you use this." 
Despite governments' determination to render all such claims
forever false -- whether by going around crypto protection,
backdoors, compromising algorithms and their implementation
or by spreading disinformation by regulation, legislation and
intimidation of "use crypto, go to jail."

Bruce Schneier's recent declaration that encryption provides
no assurance of protection is worth pondering. And it would 
be valuable for the other AES contenders, and perhaps their
cryptologic peers, to openly declare what they think of AES.

Is AES a Trojan Horse abuilding? Worse, is public encryption a 
trojan of even greater deception?

The spate of books appearing in the past few years about
previously undisclosed cracking of encryption, and frank
admissions that nations will never disclose the most closely
guarded cracks and other means of getting around encryption,
does a lot to undermine confidence that encryption is as
good an information protection method as it has been touted 
for the years, say, of Public Key advocacy.

Whether these books and their disclosures are wholly honest, 
or examples of disinfo, might be debated. For who knows
for sure in our era of obsessively withheld secrets and
magnanimously proffered trustworthiness.