As I recall people were calling the PGP ADK feature corporate access to
keys, which the worry was, was only policy + config away from government
access to keys.
I guess the sentiment still stands, and with some justification, people are
still worried about law enforcement access mechanisms for internet &
telecoms equipment and protocols being used in places like Syria, Iran etc,
which is a quite similar scenario.
And as we all know adding key recovery and "TTPs" etc is a risk, cf
"The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption"
by Abelson, Anderson, Bellovin, Benaloh, Blaze, Diffie, Gilmore, Neumann,
Rivest, Schiller & Schneier.
http://www.crypto.com/papers/key_study.pdf
Not sure that we lost the crypto wars. US companies export full strength
crypto these days, and neither the US nor most other western counties have
mandatory GAK. Seems like a win to me :)
Adam
On Fri, Mar 30, 2012 at 12:24:47PM +1100, ianG wrote:
On 30/03/12 09:38 AM, Jon Callas wrote:
Also, there wasn't a PGP system. The PGP "additional decryption key" is really what we'd
call a "data leak prevention" hook today, but that term didn't exist then. Certainly,
lots of cypherpunks called it that at the time, but the government types who were talking up the
concept blasted it as merely a way to mock (using that very word) the concept.
And therein lies another story! Which always seems to end: and then
we lost the crypto wars. I treat it as a great learning experience.
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
