to the end-user."
http://www.crypto.com/key_study/re****t.shtml
The Risks of Key Recovery, Key Escrow,
and Trusted Third-Party Encryption
Hal Abelson[1]
Ross Anderson[2]
Steven M. Bellovin[3]
Josh Benaloh[4]
Matt Blaze[5]
Whitfield Diffie[6]
John Gilmore[7]
Peter G. Neumann[8]
Ronald L. Rivest[9]
Jeffrey I. Schiller[10]
Bruce Schneier[11]
Final Re****t -- 27 May 1997[12]
Executive Summary
A variety of ``key recovery,'' ``key escrow,'' and ``trusted third-party''
encryption requirements have been suggested in recent years by government
agencies seeking to conduct covert surveillance within the changing
environ-
ments brought about by new technologies. This re****t examines the
fundamental
properties of these requirements and attempts to outline the technical
risks,
costs, and implications of deploying systems that provide government
access to
encryption keys.
The deployment of key-recovery-based encryption infrastructures to meet
law
enforcement's stated specifications will result in substantial sacrifices
in
security and greatly increased costs to the end-user. Building the secure
computer-communication infrastructures necessary to provide adequate
technological underpinnings
