[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New Threat on the Horizon: Software Key Escrow
Look at the success RSA has had with Apple building their certification
structure into System 7 Pro. There was discussion on sci.crypt about
whether PGP (or any non-hierarchical certification structure) could be
used, and the consensus seemed to be that the hooks aren't there. If you
want to inter-operate with this software, which will presumably be widely
available in the future, you will have to join the official certification
hierarchy. So long, web of trust.
Now, this approach does seem vulnerable to reverse-engineering the OS,
getting in below the software layers which you are supposed to use, to
defeat the restrictions the software is trying to place on you and have
built-in encryption of your choice. But this will be a big job. Still,
maybe the best approach when MSoft comes out with this encryption built-
in will be to get software out which will bypass it while still using
the other value-added features like hot links, automatic encryption/
decryption, etc. Otherwise they may well succeed in getting a de facto
standard into place which does not protect individual privacy.
Hal