[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Experts Criticise 'Too Risky' Key Recovery
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-06-25 4:44:29
[Download RAW message or body]


[Moderator: Back from a business trip, lots of recent submissions. Will
 try to stagger them somewhat..]

Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>

18Jun98 UK: EXPERTS CRITICISE 'TOO RISKY' KEY RECOVERY.
By David Bicknell
 
Cryptographic experts have repeated their criticism of key recovery
encryption systems, claiming the current design remains "technically
challenging" and risk and costs are "poorly understood".

They insist in a report, The risks of key recovery, key escrow and trusted
third party encryption, that government demands for law enforcement access
similar to that required in the recent UK government document on trusted
third party services will also substantially amplify the associated costs
and risks.

The authors admit that this year has seen a wide range of government,
industry and academic attempts to prototype and standardise key recovery
systems.

This has been prompted by US government policies that offer favourable
treatment to firms that agree to designing key recovery features into
products, and by UK moves to link the licensing of certification
authorities to the use of key recovery software.

But the specialists, who include Whit Diffie, Ron Rivest, Peter Neumann and
Cambridge University's Ross Andersen, claim that although the importance of
cryptography has gained broader recognition in the past year, their views
on its implementation in key recovery systems remains unchanged from a
report published a year ago (www. cdt.org/crypto/ risks98).

They suggest there is a significant risk that widespread insertion of
government-access key recovery systems into the information infrastructure
will exacerbate the potential for crime and information terrorism.
Through the key holes, p36

"Increasing the number of people with authorised access to the critical
infrastructure will increase the likelihood of attack, whether through
technical means, by exploitation of mistakes or through corruption," the
experts said. 
COMPUTER WEEKLY 18/06/98 P12 

-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

[prev in list] [next in list] [prev in thread] [next in thread]