
Re: Exportable if Escrowed



PGP inherently provides master-key service, which can be used for escrow.
On a normal PGP message, there's a session key which the sender knows,
and a copy of the session key is provided to the recipient, who can open
it on the condition that he has the genuine private key.  That's fairly
close to _real_ escrow - it's certainly closer than Clipper's Master-Key stuff.
(And it has a lot more masters :-)

If PGP message-senders want to do so, they can use multiple recipients
on a given message, so the key is accessible to a third party trusted by
the sender (the legitimate recipient already can give it to trusted parties.)
(Typically a sender might use encrypt-to-self to retain the key for later use.)

An amusing feature to add to PGP (using the 3.0 toolkits when available)
would be a session-key-splitting feature, which uses Shamir M/N sharing or
a simple two-way split and encrypts the splits with different people's
public keys, so that you could give them to semi-trusted parties.

Of course, the Clintonites' proposal of "We'll let you use slightly less wimpy
encryption in return for GAK" is really offensive - if they've got GAK,
it doesn't matter if the keys are 64000 bits long, since they'll have them.
Smokescreen.

On the other hand, master GAK keys don't fit well into a Web of Trust -
you'd essentially have to require that people only send mail to keys that are
signed by an escrow service, and people wouldn't always do that if they had
a choice - to enforce GAK, you either need to limit the sender's encryption
software (unrealistic) or the recipient's decryption software (unrealistic),
probably by requiring exportable products to use a specific hierarchical
key-service.
#---
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

	   "The fat man rocks out
	Hinges fall off Heaven's door
	   "Come on in," says Bill"    Wavy Gravy's haiku for Jerry