In fact, I must confess that I don't understand the logic behing those law
proposals. In any PK systems, the document is encrypted with the public key
of the *recipient*. Let's suppose that some stranger send me an unsolicited
document encrypted with a key different from mine: how am I supposed to
decrypt it? And can I really be thrown to jail for that??
The only way to enforce such prescriptions would be to outlaw any encryption
not performed using government-mandated cryptosystems and keys issued by
government-regulated CA's. Luckily, that sounds unlikely to be accepted.
Enzo
----- Original Message -----
From: Marc Horowitz <[EMAIL PROTECTED]>
To: Russell Nelson <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, February 12, 2000 2:34
Subject: Re: Coerced decryption?
> Russell Nelson <[EMAIL PROTECTED]> writes:
>
> >> Nobody's mentioned the possibility of an encryption system which
> >> always encrypts two documents simultaneously, with two different keys:
> >> one to retrieves the first (real) document, and the second one which
> >> retrieves to the second (innocuous) document.
>
> The coercer is likely to know you're using such a system (if nothing
> else, ciphertext more than incrementally larger than plaintext is a
> red flag), and will demand both documents. I could conceive of stego
> which might permit this, since large expansion ratios are normal, but
> if you're doing stego, and they're asking for keys, you've already
> lost.
>
> I'm curious how they plan on dealing with perfect forward secrecy.
> Practically, it means they can't usefully demand session decryption,
> which makes the law's usefulness somewhat questionable. Conveniently,
> I can very likely *prove* that I no longer have the key, since the
> software will delete it as soon as the session ends, and my wetware
> never even knew the key.
>
> Marc
>
