Dutch Government wants to regulate strong cryptography

Owen Blacker owen@flirble.org
Thu Oct 11 14:55:02 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remco wrote (2001-10-10 T 21:42 -0000):

>
> > > and how would they be able to build in a backdoor
> >
> > There are several methods for that. The most straightforward one
> > would be to use an ADK.
>
> Eeeeehhhh, Ai Don't Know? A Dumb Kwestion?

Additional Decryption Key. It was a corporate-requested feature in NAI PGP that has never been (and, at a guess, is very unlikely ever to be) implemented in GPG. Basically, it allows the keyholder (to be forced) to nominate an additional secret key that can be used to decrypt any information encrypted to their secret key.

The stereotypical usage would be for a company to ensure that all business comms from their staff were encrypted with keys that nominated the Company Key as an ADK so that, if the need arose, the company could decrypt those comms (if the staff member left / died / whatever).

Obviously, it could also be used to grant law enforcement access, for example, but I think it would be ridiculously futile to attempt to legislate that this be mandatory. Governments just don't seem to grasp that Bad People won't bother following the law on crypto use and will just use un-broken crypto.

O x

- --
Owen Blacker | Senior Software Developer and InfoSecurity Consultant
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig 0x3e2056b9 | 18cd 92aa 32aa 81b9 f5e8 c520 6475 6239 3e20 56b9
- --
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety  --Benjamin Franklin, 1759

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7xZYiZHViOT4gVrkRApRGAKC9NDK1N5YjSvF/LdeSVDjap2NTOACg2U1S
PLfE0ruWvsvN3B4I8iElwRI=
=IHdQ
-----END PGP SIGNATURE-----
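
An added example, not part of the original message: an ADK only takes effect when the sender's software also encrypts the session key to it, which appears in the OpenPGP message as an extra Public-Key Encrypted Session Key packet (tag 1, RFC 4880). The sketch below lists the key IDs those packets name and reports any that the sender did not intend; the key IDs and the sample message are constructed for illustration.

```python
PKESK = 1  # Public-Key Encrypted Session Key packet tag (RFC 4880, section 5.1)

def packet_tag(hdr):
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    return hdr & 0x3F if hdr & 0x40 else (hdr >> 2) & 0x0F

def read_packet(buf, pos):
    """Return (body, next_pos) for the packet whose header starts at pos."""
    hdr, pos = buf[pos], pos + 1
    if hdr & 0x40:                                  # new-format length
        first = buf[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial body length not expected on a PKESK packet")
    else:                                           # old-format length
        if hdr & 0x03 == 3:
            raise ValueError("indeterminate length not expected on a PKESK packet")
        n = 1 << (hdr & 0x03)
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated packet")
    return buf[pos:pos + length], pos + length

def session_key_recipients(msg):
    """Key IDs named by the PKESK packets that precede the encrypted data."""
    ids, pos = [], 0
    while pos < len(msg) and packet_tag(msg[pos]) == PKESK:
        body, pos = read_packet(msg, pos)
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported PKESK version")
        ids.append(body[1:9].hex().upper())         # all zeros = hidden recipient
    return ids

def unexpected_recipients(msg, intended):
    """Key IDs the message is encrypted to that the sender did not choose."""
    return [k for k in session_key_recipients(msg) if k not in intended]

# Constructed sample: two PKESK packets (new- and old-format headers), then a tag-18 data packet.
RECIPIENT, ADK = "AAAAAAAAAAAAAAAA", "BBBBBBBBBBBBBBBB"    # hypothetical key IDs
def _body(key_id):
    return b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x00\x08\xff"  # v3, RSA, dummy MPI
SAMPLE = (b"\xc1\x0d" + _body(RECIPIENT) + b"\x85\x00\x0d" + _body(ADK)
          + b"\xd2\x05\x01data")
```

The input is the binary message, so ASCII-armored text has to be dearmored first.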