[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: So, what crypto legislation (if any) is necessary?



At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:
>Obviously things get more complicated when a private key or set of keys "is
>one's identity." That is, at some future time, when a key or set of keys is
>literally the key to one's identity, then this document is no longer "just
>another document." A law enforcement agency or court that obtains these
>keys could do much damage, beyond just the matter being investigated or
>tried in court. The release of the key cannot be undone. A thorny problem.

This is precisely the problem Certificate Revocation Lists and Certificate
Expiration Dates address.  There seems very little reason to subpoena a
persons signing key, only decryption keys.  If future software uses
separate keys for these two functions, then there may be minimal danger. 
(With PGP, it should be sufficient to provide the IDEA keys for the
messages in question, leaving the secret key still secret.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA