Forwarded From: "Jay D. Dyson" <jdyson@techreports.jpl.nasa.gov>
-----BEGIN PGP SIGNED MESSAGE-----
Courtesy of Cryptography List
Posted by Matt Blaze <mab@research.att.com>
In May of last year, a group of 11 cryptographers and computer security
researchers released a technical study of the risks, costs, and
complexities of deploying so-called "key recovery" systems proposed by the
U.S. and other governments. The report, entitled "The Risks of Key
Recovery, Key Escrow, and Trusted Third Party Encryption", concluded that
building a secure, economical key recovery infrastructure of the kind
required would be "beyond the current competency of the field."
In the year since the report was first issued, there has been a great deal
of government, industry, and research activity toward designing,
prototyping, and building key recovery systems to meet government or
commercial requirements. We have revisited our study to take into account
the latest work on key recovery and have issued an updated study. The
report, published by the Center for Democracy and Technology, was released
at the 1998 EPIC Cryptography Conference in Washington DC on June 8th.
The 1998 edition of "The Risks of Key Recovery" report is now available on
the web at:
<http://www.crypto.com/key_study>
>From the report's preface:
One year after the 1997 publication of the first edition of this
report, its essential finding remains unchanged and substantively
unchallenged: The deployment of key recovery systems designed to
facilitate surreptitious government access to encrypted data and
communications introduces substantial risks and costs. These risks
and costs may not be appropriate for many applications of encryption,
and they must be more fully addressed as governments consider policies
that would encourage ubiquitous key recovery.
The reports authors include Hal Abelson, Ross Anderson, Steven M.
Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter
G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, and Bruce Schneier.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNX6m/Oe1NzV7EsRFAQG+4gP/RjjIx0bka1t109m6hCng50LufgzbIazy
x3lUZsBNdowOOnF9ox83feyz21gt1/nPBDkC4KBkunLyQUnIEtKVxy+QFM8/9Rx7
wcBUBFVQByjtJsDM0blv/B37K+UPnBT/rPIsj3pPXE+VTv9bv1XPerFtB0T0QmoK
wvjjMJ2oxFY=
=Qpz8
-----END PGP SIGNATURE-----
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Wed Jun 10 18:02:01 1998