Steven M. Bellovin wrote:
...
Legal access is a special case -- what is the law (and practice) in any
given country on forced access to keys?  If memory serves, Mike Godwin
-- a lawyer who strongly supports crypto, etc. -- has opined that under
US law, a subpoena for keys would probably be upheld by the courts.  I
believe that British law explicitly mandates key disclosure.  And of
course, there's always rubber hose cryptanalysis in jurisdictions where
that's acceptable.

In the UK Part III of the Regulation of Investigatory Powers Act 2000 - see http://www.opsi.gov.uk/Acts/acts2000/20000023.htm - includes powers for certain classes of officials to require encrypted materials to be decrypted or to require a key to be provided. There are some safeguards, regarded by some as insufficient.

The powers have not yet been brought into force, but the Government intends to bring them into force in the near future.

The powers are of course wholly ineffectual where perfect forward secrecy obtains, are of limited value in relation to ephemeral encrypted communications where keys are (or may plausibly be claimed to be) changed frequently or lost, but may be of some real value in relation to encrypted storage media where key preservation, with or without key recovery mechanisms, will obviously be important to most users.

Nicholas Bohm
--
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
