22 November 1998: Add Dave Del Torto message
17 November 1998
To: Philip Zimmermann <prz@pgp.com> From: John Young <jya@pipeline.com> Subject: KRA on NAI/KRA Date: 22 November 1998 cc: cabe.franklin@cbpr.com, cypherpunks@ssz.com Phil and Cabe, For your info. Response will be very welcome. John ----- Date: Sun, 22 Nov 1998 05:27:31 -0800 To: pgp-users@joshua.rivertown.net, cryptography@c2.net From: Dave Del Torto <ddt@lsd.com> Subject: KRA on ADK vs KR, NAI membership Cc: coderpunks@toad.com, ukcrypto@maillist.ox.ac.uk -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary: (1) The Key Recovery Alliance will analyze the viability of PGP's ADK technology as an alternative to escrowing of keying material and intends to publish its position. (2) Network Associates IS a member of the KRA as of July 2, 1998. Note that date is ~6 months after NAI represented itself as having withdrawn. (3) Corporate contacts for KRA member-companies are not public information. I have also inquired about who the KRA contact person is at NAI. dave -----BEGIN PGP SIGNATURE----- Version: PGP 6.0 Comment: Get interested in computers -- they're interested in YOU! iQA/AwUBNlgRApBN/qMowCmvEQLm7wCgx+7sBVgBQsXisQLJswx3w7a16Q0Anii3 XOzJzZxEMqd9YnMlz93U+iXX =eHxw -----END PGP SIGNATURE----- ................................. cut here ................................. My Inquiry to the KRA: To: info@kra.org Subject: request for information -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I have some questions about the KRA. 1. In your FAQ <http://www.kra.org/FAQS1209.html>, you state that one of the organization's goals is to: "Serve as a focal point for industry efforts to develop commercially acceptable solutions for recovery of encrypted information" This seems to allow that there may be valid encrypted _data_ recovery methods other than _key_ recovery using the KRA's "common key recovery block" (still under discussion). However, I'm not aware of the KRA's public position on the recovery of plaintext using cryptographically sound and ethically responsible alternatives to the escrowing of keys in organizational situations, e.g. PGP's Additional Decryption Key (ADK) mechanism. What is the KRA's public position on PGP's ADK? 2. A public debate has recently arisen because the KRA website's member roster indicates that Network Associates (NAI) is a member of the KRA. NAI representatives, however, have publicly contraindicated this. Can you clarify NAI's membership status in the KRA, specifically: A. On what date (if ever) did NAI apply for membership in the KRA? B. Is the KRA in possession of any evidence (letter, etc) to show that NAI was or is a member of the KRA? C. If NAI was a member of the KRA at any time, on what date did a corporate officer of NAI formally withdraw NAI from the KRA, if ever? D. Regarding KRA membership policy, if a company is not a member itself but acquires another company that is a KRA member, but, does this acquisition automatically confer membership status on the parent company, or is a formal request to "expand" the company's membership necessary? E. If NAI was not a member of the KRA at the time of its Trusted Information Systems (TIS) acquisition, did the KRA receive a request from any NAI representative to expand TIS's membership to all of NAI? 3. KRA member companies are listed with their web URLs, but no individual contact name/phone/email is provided for any of them. Can you supply a complete listing of the designated contacts (corporate representatives) at each of the KRA member organizations, should one want to discuss with them their respective companies' KR positions or proposals? For example, if, in fact, the KRA website is correct to list NAI as a member, then who is NAI's official KRA representative? Thank you in advance for your prompt clarification. dave ____________________________________________________________________________ Dave Del Torto +1.415.334.5533 CSO & VP Security Consulting <mailto:ddt@lsd.com> Level Seven Digital Labs PGP Key: <http://pgp.ai.mit.edu:11371/pks/lookup?op=getsearch=0x28C029AF> Fingerprint: 9b29 031d 70de f566 e076 b108 904d fea3 28c0 29af / Size: 4096 -----BEGIN PGP SIGNATURE----- Version: PGP 6.0 iQA/AwUBNlUMapBN/qMowCmvEQKt8wCg0i6ZZj1a6aL/TrzM/jqv4wKBEnoAoK4e xkwtQCiBJDHuBUWFRzCRBA/K =fg+B -----END PGP SIGNATURE----- ................................. cut here ................................. The KRA's prompt reply (signed by me to indicate what I received): -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Date: Fri, 20 Nov 1998 06:31:50 -0800 To: Dave Del Torto <ddt@lsd.com> From: Michael LoBue <LoBue@kra.org> Subject: Re: request for information Cc: Majdalany@kra.org, Bobbie@kra.org Mr. Del Torto, Thank you for your inquiry about a KRA member company. I am member of the Alliance's secretariat staff addressing their business and administrative needs. This puts me in a position to answer some of your questions directly. Others I will pass along to appropriate Alliance member representatives for response. About the KRA's public position on PGP's ADK, obviously it was not adequately addressed for your needs in the Alliance's existing materials. I will ask a more appropriate and knowledgeable spokesperson to respond to your questions and concerns. Concerning Network Associates membership in the KRA, in response to your question I have verified that our files contain an executed Membership Agreement for Network Associates (dated July 2, 1998), as well as a properly completed Application for Membership of that same date. As an aside, the KRA has retained our firm to manage their business and administrative affairs. Our business is solely the management of industry associations. Thus, we have no conflict of interest as our clients are the 'associations' themselves and not any of the individual member companies. For the management of our client associations (currently 4) we employ certain practice standards. One important practice area is the impartial recognition of membership. Simply put, we exercise no discretionary judgment about whether a company is a member or not. If a company completes the required steps to become a member (execute an agreement, complete an application and pay the appropriate dues) they become a member. In other words, membership is binary...complete all the steps --> become a member; omit any of these steps --> NOT a member. Ever since the the Alliance was formally constituted as a California nonprofit corporation (October 1997), rigorous application processes have been in place. It is true that a number of companies, including NAI I believe, were attending meetings under the name of the KRA during much of 1997. However, until the Alliance was formally constituted, involving membership agreements, applications and payment of dues, it's not entirely accurate to characterize those companies participating in 1997 as 'members' of the Alliance. Indeed, some of this current 'public debate' about NAI's relationship with the KRA goes back to their public statement that they 'withdrew' from the organization. The fact of the matter is that they simply did not choose to become an actual member at the time the organization was formally constituted. When it was reported that they withdrew, there was in fact no entity from which to withdraw. Regarding the listing of individual representatives from member companies, it is the Alliance's policy not to do this. For whatever it's worth, this is a standard practice of industry associations. I am passing your message along to the designated NAI representative and inviting him to respond. At the risk of stating the obvious, it is not uncommon for companies in any industry, especially hi-tech, to have multiple opinions within their management teams. And, to have these opinions expressed in public forums. It has been my experience that it is dangerous to infer corporate and product strategies from a companies membership in industry groups. Companies join industry associations for all manner of reasons, not all of which they share with the market. I'm not suggesting any thing other than the fact that our industry makes for extremely "complex business" and there's no reason to believe that this complexity of actions, strategies and motivations isn't going to appear in a company's involvement in industry associations. Sorry for the length of this reply. However, it's clear that there are a great many concerns behind your questions and I've tried to reach those concerns. I hope this response has been useful to you. Regards, Michael LoBue KRA Secretariat Staff --end KRA response-- -----BEGIN PGP SIGNATURE----- Version: PGP 6.0 iQA/AwUBNlWtuJBN/qMowCmvEQI6WACgv0CZt3KmzptfQxO/2FJ2aqAA/v8An1C6 +q4Uh8H0LuwMKpou5cVS14v6 =ssZt -----END PGP SIGNATURE-----
17 November 1998 Cabe Franklin (NAI PR) <cabe.franklin@cbpr.com> Dear Cabe, Below are messages on the NAI/KRA topic from UKCrypto mail list. We'd welcome NAI's further response on this. John JYA/Urban Deadline 251 West 89th Street, Suite 6E New York, NY 10024 Cryptome: http://jya.com/crypto.htm Tel: 212-873-8700 Fax: 212-799-4003 ---------------------------------------------------------------------- To: ukcrypto@maillist.ox.ac.uk Subject: Escrow - news Date: Fri, 13 Nov 1998 10:55:06 +0000 From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk> (1) Network Associates has quietly rejoined the Key Recovery Alliance - see http://www.kra.org. (2) There's a highly inaccurate piece on digital certificates in today's Computer Weekly (p 36). This isn't the first time that they've messed up. It's bad form that one of Britain's two trade papers should be so conspicuously ignorant; why doesn't everyone write to the editor at computer.weekly@rbi.co.uk? Ross ---------------------------------------------------------------------- Date: Sat, 14 Nov 1998 08:16:41 +0000 To: ukcrypto@maillist.ox.ac.uk From: T Bruce Tober <octobersdad@reporters.net> Subject: Re: Escrow - news In message <87r9v7l3i5.fsf@hedonism.demon.co.uk>, Paul Crowley <paul@hedonism.demon.co.uk> writes > >I'm genuinely surprised by this - I had thought better of many of the >companies listed as members. What on earth is motivating them to >join? I'm not being sarcastic here - I actually can't guess. >Currying favour with the government of the day? Hoping to get their >oar in as "trusted" third parties? What? > >Insufficiently cynical, When I spoke with several of these companies, in researching my Bloor report, I got virtually the same answers. I wrote up the answers from Entrust specifically, in the report, as follows: Entrust is a charter member of The Key Recovery Alliance, a group of more than "60 international companies who are working together to facilitate the worldwide commercial use of strong encryption. The Alliance is focused on identifying major barriers to the development of marketable key recovery products and services, and, as appropriate, proposing solutions for industry." Regardless of the KRA's charter's ambiguous wording, or perhaps because of it, many encryption advocates believe it's purpose is actually to advocate the universal acceptance and implementation of key recovery, trusted third party, and key escrow-type encryption systems. Ian Walker, Technical Director of Entrust Technologies Europe, explains the apparent contradiction between his company's stance and this view of the KRA by noting that the organisation "believes in the mechanism of allowing the ability for somebody else to take your message and without you knowing it, get some information that allows them to decrypt it. That is a model to which we don't subscribe. We believe the person operating the CA is the person who should be doing that key recovery function, because it's an absolute commercial necessity." He explains that enabling such capability "adds bulk to the message and you're adding this extra level of complexity that you have to have this other key defined for you... So there's more complexity, more cost, a whole extra raft of infrastructure. Entrust Technology's position is we don't think that's a good idea." Walker claims Entrust's membership in the KRA is based on the concept of not being able to affect the making of the rules without being on the team. He says it's his company's goal to make sure they don't. But rather that Entrust hopes to persuade them not to do something that's very likely a bad idea. "The big issue behind this," he says, "of course, is US export regulations. The whole reason for things like recover key and all these third party concepts of key recovery blocks in messages is to meet US export regulations and the requirement for law enforcement to be able to get in." The bottom line in encryption for a business, he says is that you need: 1. The CA to issue the certificates. 2. Some form of directory to hold the public key information. 3. Some form of key revocation system, including reasons for revocation. Keys have a lifetime, typically now a year to 18 months. Once they've rolled over, and information needs to be held for 5, 10, 15 and more years, if you then want to validate the signature after the signature's been revoked, you need to know it was revoked because it expired, as opposed to being revoked because the guy couldn't be trusted. 4. Key back up and recovery has to be integral. "To make all that work you need some client side software to integrate it all and interact with the relevant bits," he concludes. tbt -- |Bruce Tober, <octobersdad@reporters.net>, <http://www.crecon.demon.co.uk>| | Birmingham, UK, EU +44-121-242-3832. Freelance Journalist, & Website | | consultancy and development. PGP key ID material my website | ---------------------------------------------------------------------- Date: Sat, 14 Nov 1998 11:43:07 +0000 To: ukcrypto@maillist.ox.ac.uk From: "Ian D. Goodyer" <goodyer@well.ox.ac.uk> Subject: Re: Escrow - news Here is a response from Will Price who was formally from PGP inc and now of course is with NAI. ian -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've commented about this on this list before I believe. This appears to be a case of really old news suddenly being dredged up for no apparent wholesome reason -- which strikes me as quite odd because Wired was apparently so eager to break this ancient story that they didn't wait to ask anyone from NAI about it. NAI being listed on the KRA page is *solely* a result of our TIS acquisition. I really doubt anyone here actually called some KRA person and officially renewed our membership. Frankly, I doubt anyone here actually knows who to talk to there -- if there even is a "there". As I have said before, due to the TIS acquisition, NAI now has a bunch of products which contain key escrow features. Eliminating or modifying these features such that they work in a less big brother-like fashion will take significant time -- indeed entire TIS products were based around managing key escrow infrastructures. Don't get me wrong, TIS had a lot of other great products, but it will take time to redesign and rethink some of them in the context of export and key escrow. I'm not sure there's much point in withdrawing from KRA when those products still exist. These issues have no effect whatsoever on the PGP group. As always, we continue to publish full source code which effectively solves all the export issues for us. Robert Guerra wrote: > I just picked this up from another mailing list that I am on. Perhaps the > folks at NAI can clarify things? > > - ---------- Forwarded message ---------- > Date: Fri, 13 Nov 1998 10:55:06 +0000 > From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk> > Reply-To: ukcrypto@maillist.ox.ac.uk > To: ukcrypto@maillist.ox.ac.uk > Subject: Escrow - news > > (1) Network Associates has quietly rejoined the Key Recovery Alliance > - - see http://www.kra.org. - -- Will -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 iQA/AwUBNkySo6y7FkvPc+xMEQIuygCfYosXGISVrKd4dYWwM8xOrVdd4WAAn3dT XvDG6FMapZpjmvjucF67fwM5 =xa+R -----END PGP SIGNATURE----- Will Price, Architect/Sr. Mgr., PGP Client Products Total Network Security Division Network Associates, Inc. Direct (408)346-5906 Cell/VM (650)533-0399 <pgpfone://cast.cyphers.net> PGPkey: <http://pgpkeys.mit.edu:11371/pks/lookup?op=getsearch=0xCF73EC4C> ---------------------------------------------------------------------- To: ukcrypto@maillist.ox.ac.uk Subject: Re: Escrow - news Date: Sat, 14 Nov 1998 15:42:26 +0000 From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk> Will Price writes: > NAI being listed on the KRA page is *solely* a result of our TIS > acquisition On his most recent speaking tour of Europe, at which he promoted PGP v 6, Phil Zimmermann assured us categorically that NAI had at his insistence withdrawn from the KRA. It now appears that either (1) he lied to us (2) he was himself lied to by NAI management or (3) NAI has rejoined. > I really doubt anyone here actually called some KRA person and > officially renewed our membership. Frankly, I doubt anyone > here actually knows who to talk to there -- if there even is a > "there". You marketed version 6 of your product on the back of a claim that you'd left the KRA. Yet NAI is now listed on the KRA website as a member, and this is clearly doing your product material harm. Either it's not true that you're a member, in which case your lawyers will be able to extract so much money from KRA that it goes out of business, whereupon the world will cheer and buy your product, or it is true, in which case the damage will continue. There is a deeper issue for the community here. For many years we have tended to trust products because we know the technical people involved. This has been the foundation for trust of other kinds. For example, some years ago, a certain country's foreign ministry asked me for a reference on Entrust prior to buying their products; my response was that I knew both Paul van Oorschot and Mike Wiener, and in my opinion they were both very competent. As a result of this, purchasing decisions may have been taken with a significant effect on national intelligence, economic competitiveness and even military preparedness. As the country in question is a NATO member, its diplomatic comsec (or lack of it) affects the UK directly. Now, in one weekend, we have two cases where assurances from credible technical people turned out to be unsatisfactory. Where does that leave us? Since I gave that reference for Entrust, the University here has tightened up on liability. We must take care not to give references that are untruthful or even misleading. We are urged to err on the side of caution. So next time a foreign ministry asks me whether Entrust products are kosher, I probably have to reply: `You cannot prudently trust any third party to sell you trustworthy comsec products. Recall Britain's selling old Enigmas to allies in the Commonwealth; think of the fuss over red-threading; check out the trapdoor in Sesame; and read up on key escrow. The only way you can get good kit is if you build it yourself. If you don't have the skills, then I suggest you get some bright graduates to check out our PhD programme - see <http://www.cl.cam.ac.uk/UoCCL/research/>' A very traditional view of the world. Has nothing really changed since the 1960's? Ross ---------------------------------------------------------------------- Date: Mon, 16 Nov 1998 09:20:31 +0000 From: Steve Mynott <stevem@tightrope.demon.co.uk> To: ukcrypto@maillist.ox.ac.uk Subject: Re: Escrow - news On Sat, Nov 14, 1998 at 03:42:26PM +0000, Ross Anderson wrote: > On his most recent speaking tour of Europe, at which he promoted > PGP v 6, Phil Zimmermann assured us categorically that NAI had at > his insistence withdrawn from the KRA. > > It now appears that either (1) he lied to us (2) he was himself > lied to by NAI management or (3) NAI has rejoined. I assume you are refering to the meeting at Cambridge University that you chaired. My subjective impressions of that meeting were that PZ was certainly sincere. I seem to recall he told us that he was unware NAI had even orginally been a member of KRA until he was telephoned by a journalist in his car and was opposed to this. Presumably this was before NAI bought TIS and rejoined (?) I would add an option (4) PZ didn't know -- cockup not conspiracy But all this leads to a lack of confidence in the future of the PGP product, which is too precious to be left in the hands of one (American) company, whose policy is in doubt. I am not currently convinced by their actions that NAI are serious about strong crypto and I believe that a truly free and open version of PGP (GPG?) would be superior. -- 1024/D9C69DF9 steve mynott steve@tightrope.demon.co.uk http://www.pineal.com/ i would rather have my ignorance than another man's knowledge, because i have got so much more of it. -- mark twain ---------------------------------------------------------------------- Date: Sat, 14 Nov 1998 23:39:55 GMT From: Adam Back <aba@dcs.ex.ac.uk> To: ukcrypto@maillist.ox.ac.uk Subject: TIS & PGP -- who is pulling the strings (Re: Escrow - news) Here's a forward of some comments I made on cypherpunks on Will Price's comments as forwarded by Ian Goodyer. Will Price <wprice@pgp.com> wrote: > I've commented about this on this list before I believe. This appears > to be a case of really old news suddenly being dredged up for no > apparent wholesome reason -- which strikes me as quite odd because > Wired was apparently so eager to break this ancient story that they > didn't wait to ask anyone from NAI about it. I didn't heard anything other than speculation as to whether the TIS acquisition would result in NAI rejoining KRA. The news is that it now is listed again (or at least someone noticed that it is now listed). Perhaps I was not paying attention, but I didn't hear anyone from PGP announce that NAI had rejoined (or automatically rejoined) KRA as a result of TIS merger. > NAI being listed on the KRA page is *solely* a result of our TIS > acquisition. I really doubt anyone here actually called some KRA > person and officially renewed our membership. Frankly, I doubt anyone > here actually knows who to talk to there -- if there even is a > "there". Surely some of your TIS GAKware colleagues know all about KRAP -- being major league GAKkers, and having specifically signed up in the first place, being leading contributers to the KRAP/GAK drive effort. > As I have said before, due to the TIS acquisition, NAI now has a > bunch of products which contain key escrow features. Watch terminology here. TIS stuff contains GAK -- "key escrow" or "message recovery" where the government has the master keys. All commercial PGP versions 5.x and higher contain key recovery in the form of PGP's "Corporate Message Recovery" (CMR) design. Even the personal use versions know how to cooperate in providing corporate backdoors. Now CMR is clearly much less objectionable than TIS stuff, tho' politically debatable I would argue. TIS stuff is outright GAK. But I think part of the point of KRA was to coerce/bribe crypto companies to demonstrate working and workable NSA master key type GAK. The problem people have had with PGP building a CMR / CKE mechanism is you as a side effect demonstrate a method which would be workable as an NSA master key GAK system. Clearly all that is missing is software configuration and the NSA to publish a key, and a law requiring use of it. Yeah, OK so there was always encrypt to self, but giving the NSA ammunition is bad (viz the quotes from US government saying that Key Recovery works and using PGP 5.x as an example). I think that helping the US government claim that GAK is workable is a bad result for a company with PGP's privacy stance to end up contributing to. I am glad that CMR was kept out of the OpenPGP spec. > Eliminating or modifying these features such that they work in a > less big brother-like fashion will take significant time -- indeed > entire TIS products were based around managing key escrow > infrastructures. Don't get me wrong, TIS had a lot of other great > products, but it will take time to redesign and rethink some of them > in the context of export and key escrow. Will seems to be saying here that NAI is planning to remove GAK from the TIS products acquired in the NAI purchase of TIS. Firstly this is interesting because I wonder who is pulling the strings inside NAI -- consider: NAI paid a lot more for TIS than they paid for PGP. TIS has lots of US government defense contracts (presumably partly as bribery for assistance to US Government with KRAP/the GAK drive). Secondly he comments that it will take significant time to make the TIS products less big brother like. I don't buy this. You've got the source code -- just release a patch to fill the GAK field with garbage. Sounds like a days work tops. > I'm not sure there's much point in withdrawing from KRA when those > products still exist. Sure there is. The bad PR of being in KRAP alone should make it worth quiting. This was why PRZ arranged the pull out last time around. Secondly pulling out of KRA would be a nice way to back up your claims that NAI intends to remove the GAK from the bought TIS products. If NAI intends to do this, what is the point of being a member of KRA which is all about acheiving the reverse -- about putting GAK into products. > These issues have no effect whatsoever on the PGP group. Glad to hear it. The effect it does have is in reputation damage due to PR fall out. Some people may prefer not to buy from a company supporting the US government in it's attempts to force key escrow onto users. NAI is pulling in two directions, TIS and KRA membership, and PGP privacy stance. Adam ---------------------------------------------------------------------- Date: Sun, 15 Nov 1998 06:01:09 -0500 From: Rainer Fahs <101544.3054@compuserve.com> Subject: TIS & PGP -- who is pulling the strings (Re: Escrow - news) To: ukcrypto@maillist.ox.ac.uk <ukcrypto@maillist.ox.ac.uk> Nachricht geschrieben von INTERNET:ukcrypto@maillist.ox.ac.uk >Glad to hear it. The effect it does have is in reputation damage due >to PR fall out. Some people may prefer not to buy from a company >supporting the US government in it's attempts to force key escrow onto >users. NAI is pulling in two directions, TIS and KRA membership, and >PGP privacy stance. I think this is exactly the point. It looks as if NAI is trying to do the splits between two chairs, but it is the NSA that determines the span between the chairs. The average user does not understand the difference between the products, it is the company that joins (or leaves) the KRA and it would require a lot of marketing to convince possible customers that there is a privacy risk in one product but not in the other one. Rainer Fahs ---------------------------------------------------------------------- Date: Tue, 17 Nov 1998 17:44:01 -0500 To: politech@vorlon.mit.edu From: Declan McCullagh <declan@well.com> Subject: FC: More on Network Associates and its crypto-politics Cabe Franklin <cabe.franklin@cbpr.com> forwards this statement from Wes Wasson, director of marketing for Network Associates' security division: >"NAI officially withdrew from the Key Recovery Alliance in late 1997. In May >of 1998, NAI acquired Trusted Information Systems, which had been an active >member of the KRA. NAI subsequently reliquished the leadership role TIS had >taken in the organization. NAI Labs' TIS Advanced Research Division >continues to monitor the KRA's activities from a technical perspective, but >Network Associates in no way advocates mandatory key recovery." >- Cabe Franklin (NAI PR) >415-975-2223 TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt -Declan -------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to majordomo@vorlon.mit.edu with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ --------------------------------------------------------------------------