-----BEGIN PGP SIGNED MESSAGE-----
At 10:43 PM 3/9/00 -0500, Arnold G. Reinhold wrote:
[much deleted]
>In particular a satellite is pretty much subpoena proof.
>The subpoena threat is very real for CryptoTime, Inc.
>because courts tend to lean in favor of granting them, even
>if the underlying case presented is weak. E.g. Jones v.
>Clinton. So someone with a fairly frivolous case can
>undermine confidence in the whole system even assuming
>CryptoTime has the best of intentions.
Actually, the subpoena threat means that we need to put the
entities holding shares of the secret in places where even
we can't find them. In the extreme case, there's some
machine somewhere with e-mail access, which may carry some
cover traffic of some kind, and which holds some secret
until a specified date. On that date, it sends it out. The
setup procedure has to establish this machine (or a set of
such machines) in such a way that ideally nobody ends up
knowing where they are, and that there's no way for anyone
to figure out which time-delayed secret is being held on
which machine.
>All that said, I still think a ground based system using
>multiple repositories in many jurisdictions is worth trying.
Multiple-jurisdictions is better than nothing, but it's
still better if there's essentially no way to determine
where the secret is being held other than to literally
search every machine on the net. The attacker needs to end
up with an utterly intractable problem.
[stuff deleted]
>>The real answer, though, is that you're probably right --
>>there's too much temptation in this field to use technical
>>mechanisms, when contract law will suffice.
>You may be right in practice, but it seems to me that a
>major goal of crypto research is to figure out how do do
>things in a way that does not rely on contract law and other
>forms of "trust me."
I have mixed feelings about this. On one hand, the legal
system in the US looks fundamentally broken to me. On the
other, even massively overworked, corrupt, or incompetent
judges are *human*. We are on the verge of building
computer systems which are intentionally outside the reach
of any human control. We've done this to some limited
extent now with anonymous remailers and even the internet.
But this means that these systems are really outside human
control. The trivial example of this is using PGP to
encrypt all your files with a long, hard-to-guess
passphrase, and then forgetting the passphrase. If you do
this, you're just out of luck--your files are gone. In one
sense, this is much better than storing your files
unencrypted in a safety deposit box on ZIP disks: you don't
have to trust that the bank won't drill out your box and get
at the contents, or that someone won't have made a copy of
the key before you got it, or that a court somewhere will
order the box opened so your ex-wife's lawyers can read
through your private files. But it also means that there's
no human that can open your files for you when you forget
the passphrase. It means that if you die, all the
information you encrypted is forever lost to the world. It
means that no matter how good a reason exists, nobody can
get that information without the original passphrase.
In this context, I'm reasonably comfortable with things.
But when we talk about the general automated contract
enforcement schemes, I worry a lot about what weird
unforseen interactions will happen. This is especially
worrisome when the system is designed so that there's no
human in the loop to make a judgement about whether there's
something going wrong. Does the car stop working when
your payment is a month late? Does this happen even when a
major terrorist attack has taken down the whole payment
system for the last month, with the result that half the
cars on the road stop on the same date? Does the car
suddenly become yours for free an hour after someone posts
the recently-compromise top-level key for the payment
system's CA hierarchy? Do thousands of cars suddenly stop
an hour after someone starts using the recently-compromised
top-level key for the bank's e-repo-man division?
>Arnold Reinhold
- --John Kelsey, [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
Comment: foo
iQCVAwUBOMicQCZv+/Ry/LrBAQGT+AP5AVNQWZLDDnJh2t5e9pOUBZepGSw6Cd8w
9a2RLhcszembrYLx11xL8WiPys75nG2oueXfxPamuI20w2bNhzO42NCyGVusOXfe
DCKNKZiDI74dPdXAeG4u8tH0wV4TNxZgTgO/94+lNKOBssu+eIyKZibdhD2TpbDM
VtBsj61vhnA=
=8/sK
-----END PGP SIGNATURE-----
