[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Gore's "new and improved" key escrow proposal
On Mon, 25 Jul 1994, Phil Karn wrote:
> I think we need to distinguish between encrypted *storage* and
> encrypted *communications*. Voluntary key escrow may make sense for
> encrypted stored business files, but communications is a different
> story. Since there should be nobody out there recording packets, there
> is no need to back up or escrow the keys used to encrypt them.
Good point. The line between storage and transmission gets kind of
fuzzy, however, if transmitted messages get stored in encrypted form. I
think that if I were designing an encryption system to be used for both
in my own business, I would probably consider a compartmented escrow
system for both kinds of messages, with a different escrow public key for
each department. That is would be a good balance between two evils:
unauthorized disclosure of proprietary communications, and loss of
encrypted data due to loss of a key or loss of an employee. Naturally,
this would not be as convenient for law enforcement agents and spies, but
I suppose that my own escrow data base would still be subject to the same
subpoena process as the rest of my records, but I would be more likely to
know when information was being leaked.
___________________________________________________________
|\ /| | | |
| \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 |
| | | / _ | [email protected] aka [email protected] [email protected] |
| |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 |
| |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. --- ----- ....|
| ||| \ \_/ |___________________________________________________________|