[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: So, what crypto legislation (if any) is necessary?

To: [email protected] (Timothy C. May), [email protected]
Subject: Re: So, what crypto legislation (if any) is necessary?
From: [email protected] (Bill Frantz)
Date: Mon, 25 Mar 1996 15:53:14 -0800
Sender: [email protected]

At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:
>Obviously things get more complicated when a private key or set of keys "is
>one's identity." That is, at some future time, when a key or set of keys is
>literally the key to one's identity, then this document is no longer "just
>another document." A law enforcement agency or court that obtains these
>keys could do much damage, beyond just the matter being investigated or
>tried in court. The release of the key cannot be undone. A thorny problem.

This is precisely the problem Certificate Revocation Lists and Certificate
Expiration Dates address.  There seems very little reason to subpoena a
persons signing key, only decryption keys.  If future software uses
separate keys for these two functions, then there may be minimal danger. 
(With PGP, it should be sufficient to provide the IDEA keys for the
messages in question, leaving the secret key still secret.)

Regards - Bill

------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA

Prev by Date: Re: LIST OF SHAME VOLUNTEERS
Next by Date: Re: RISKS: Princeton discovers another Netscape security flaw
Prev by thread: Re: Bad news from Judge Richey
Next by thread: Re: So, what crypto legislation (if any) is necessary?
Index(es):
- Date
- Thread