Re: So, what crypto legislation (if any) is necessary?

[Rich Graves <llurch@networking.stanford.edu>]

On Mon, 25 Mar 1996, Timothy C. May wrote:

[Damn... I can't find anythig I disagree with... oh, how about this]

> Obviously things get more complicated when a private key or set of keys "is
> one's identity." That is, at some future time, when a key or set of keys is
> literally the key to one's identity, then this document is no longer "just
> another document." A law enforcement agency or court that obtains these
> keys could do much damage, beyond just the matter being investigated or
> tried in court. The release of the key cannot be undone. A thorny problem.

IMO this is why maintaining separate keys for identity and encryption, as
is done by both the MS CryptoAPIVapor and Espionage-Enabled Notes, is such
a good idea. The two (or more) keys would sign each other, but they can't
take the place of each other. I sorta wish PGP had this feature. Of course
you can embed comments into your key ID to specify usage, but it's not
quite the same thing.

But anyway, just as a tactical matter, I think getting behind the Leahy
bill, precisely because it had no chance of passing, would have been the
right thing to do (written in past tense because I'm sure it is). The good
guys would have had a better chance to appear reasonable and to get their
views on the record.

-rich