Re: SPKI signing keys only

At 8:49 AM -0700 6/27/97, Bob Jueneman wrote:
>>>> Bill Frantz <frantz@netcom.com> 06/26/97 10:30PM >>>
>>At 2:48 PM -0700 6/26/97, Brian M. Thomas wrote:
>>>Any other discussion?
>>I know of no technical way to prevent people from using signing keys for
>>encryption.  If it becomes legally required, then all signing applications
>>will have to be approved before sale.  Since the math for some crypto
>>operations is so simple, roll-your-own becomes simple and the requirement
>>is just so much FUD.  For example, consider Diffie Hellman key exchange.
>>We can eliminate the man in the middle by signing the data transferred as
>>part of the protocol.  We are just using the public/private key pairs for
>>signing, but anyone with a crypto library can use the signing to give
>>authenticated key exchange with perfect forward security.
>>Enforcing GAK is a political problem.  There is no technical solution.
>That's a little too strong.  It's a royal pain, but it can be done.
>Keys can be typed as to what uses are allowed, and either the operating
>system or a trusted device such as a smart card can deny access to such keys
>except by approved, protocol-specific library functions. All of this assumes
>that users and general-purpose applications cannot access keys in raw form,
>but only handles to them.

I think we are talking at cross purposes here.  Alice uses a GAKed signing
key to sign (for authentication purposes) a piece of data.  That goes thru
the magic box and everything is kosher.  She then sends that data to Bob.
Bob generates some data, signs it, and sends it in the same manner as Alice.
They then use that data with DH to generate a session key which they use in
an illegal symmetric encryption system.

Yes, they had to provide their own implementation of DES/IDEA/CAST/RCx
etc., but they were able to bootstrap authentication into their protocol on
top of a GAKed signing system.  The only way to prevent them from doing
this would be to prevent signing arbitrary pieces of data.  Such a system
would not be very useful.

The kind of controls you suggest will be followed by the honest, not by the
terrorists/drug dealers/child pornographers/money launderers who are the
stated target of GAK.

Bill Frantz       | The Internet was designed  | Periwinkle -- Consulting
(408)356-8506     | to protect the free world  | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.  | Los Gatos, CA 95032, USA
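The exchange Frantz sketches above (each side signs a value with a signing-only key, then Diffie-Hellman turns the two signed values into a session key) as an added example, not code from the thread or from any SPKI implementation. It uses a Schnorr-style signature and a toy 127-bit prime so that it runs on the standard library alone; the group parameters, the identity strings "alice" and "bob", and the `tamper` switch that models a man-in-the-middle substituting his own DH value are all constructed for illustration and are not secure choices.

```python
"""Authenticated Diffie-Hellman built on signing keys only (added example).

Each party's long-term key is used for nothing but signing.  The signature
covers the party's ephemeral DH value, so a man-in-the-middle who cannot
produce that party's signature is detected, and because the DH exponents are
ephemeral the session key has forward secrecy.  Group size and signature
scheme are toy choices for readability, not for real use."""
import hashlib
import secrets
from typing import Dict, NamedTuple, Optional, Tuple

# Constructed toy group: far too small for real security.
P = (1 << 127) - 1          # Mersenne prime 2^127 - 1
G = 3
ORDER = P - 1               # exponent modulus; g^(p-1) = 1 mod p for any g


def _hash_int(*parts: bytes) -> int:
    """Length-prefixed hash of the parts, reduced into the exponent range."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % ORDER


def _i2b(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


class SigningKey(NamedTuple):
    secret: int
    public: int


def gen_signing_key() -> SigningKey:
    x = secrets.randbelow(ORDER - 2) + 1
    return SigningKey(x, pow(G, x, P))


def sign(key: SigningKey, message: bytes) -> Tuple[int, int]:
    """Schnorr-style signature: r = g^k, e = H(r, msg), s = k - x*e (mod p-1)."""
    k = secrets.randbelow(ORDER - 2) + 1
    r = pow(G, k, P)
    e = _hash_int(_i2b(r), message)
    s = (k - key.secret * e) % ORDER
    return e, s


def verify(public: int, message: bytes, sig: Tuple[int, int]) -> bool:
    """Recompute r = g^s * y^e and check that it hashes to e."""
    e, s = sig
    r = (pow(G, s, P) * pow(public, e, P)) % P
    return _hash_int(_i2b(r), message) == e


def dh_offer(identity: bytes, key: SigningKey) -> Tuple[int, Dict]:
    """Pick an ephemeral exponent and sign (identity, g^a) with the signing key."""
    a = secrets.randbelow(ORDER - 2) + 1
    ga = pow(G, a, P)
    transcript = identity + b"|" + _i2b(ga)
    return a, {"id": identity, "dh": ga, "sig": sign(key, transcript)}


def dh_accept(my_secret: int, peer_msg: Dict, peer_public: int) -> Optional[bytes]:
    """Check the peer's signature over its DH value, then derive the session key.

    Returns None (abort) when the signature does not verify, which is what a
    substituted DH value looks like from the receiver's side."""
    transcript = peer_msg["id"] + b"|" + _i2b(peer_msg["dh"])
    if not verify(peer_public, transcript, peer_msg["sig"]):
        return None
    shared = pow(peer_msg["dh"], my_secret, P)
    return hashlib.sha256(b"session|" + _i2b(shared)).digest()


def run_exchange(tamper: bool = False) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Alice and Bob hold signing keys only.  With tamper=True, an intermediary
    replaces Alice's DH value in transit but cannot re-sign it."""
    alice_key, bob_key = gen_signing_key(), gen_signing_key()
    a, msg_a = dh_offer(b"alice", alice_key)
    b, msg_b = dh_offer(b"bob", bob_key)
    if tamper:
        m = secrets.randbelow(ORDER - 2) + 1
        msg_a = {**msg_a, "dh": pow(G, m, P)}   # new value, stale signature
    key_at_bob = dh_accept(b, msg_a, alice_key.public)
    key_at_alice = dh_accept(a, msg_b, bob_key.public)
    return key_at_alice, key_at_bob


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("honest run, keys match:", ka == kb)
    ka, kb = run_exchange(tamper=True)
    print("tampered run, Bob aborted:", kb is None)
```

The honest run yields the same 32-byte session key on both sides; in the tampered run Bob's verification fails and he aborts, which is exactly the man-in-the-middle check the message describes. Production designs (STS, SIGMA, TLS) sign both parties' DH values and the full transcript rather than one side's value alone, but the principle is the one Frantz makes: nothing in the signing key restricts what the signed data is used for afterwards.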