
Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)



At  9:20 PM 3/25/96 -0800, Simon Spero wrote:
>On Mon, 25 Mar 1996, Bill Frantz wrote:
>
>> At  1:32 PM 3/25/96 -0500, Black Unicorn wrote:
>> to type them.  Since storage was limited, and old messages were purged from
>> the system it also had the effect that anti-trust discovery would have
>> nothing to discover.
>
>Hmmm - that's another issue; what about Diffie-Hellman with ephemeral
>keys? Once the transaction is complete, unless you keep a copy of the key,
>even you can't decrypt that session. Would a law requiring you to keep a
>copy of the keys be important? It would have the advantage of allowing
>a subpoena to be more restrictive than "just hand over your private
>key", but it's a pretty heavy (undue?) burden.

With PGP at least, it should be possible to hand over the IDEA key required
to decrypt each message in question without having to hand over your
private key.  Since the court would have your public key, they could verify
that the IDEA key you gave them was indeed the correct key.

Of course if they are using the subpoena to intimidate you, then they will
insist on the private key.

N.B. The IBM voice system mentioned above (and the attribution should be to
me, and not Black Unicorn) did not use any crypto.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA
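
The per-message disclosure described in the message above, as an added example that is not part of the original post: the key owner hands over the decrypted session-key block for one message, and a verifier holding only the public key re-encrypts it and compares it with the encrypted session key stored in that message. Assumptions: a constructed toy RSA key, PKCS#1 v1.5 type 2 style random padding (so the whole padded block is disclosed, not the bare key), and hypothetical function names.

```python
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key, known to the verifier
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, never disclosed
K = (N.bit_length() + 7) // 8            # modulus length in bytes

def pad(session_key: bytes) -> int:
    """Build 00 02 <random nonzero filler> 00 <session key> as an integer."""
    fill_len = K - 3 - len(session_key)
    filler = bytes(secrets.randbelow(255) + 1 for _ in range(fill_len))
    return int.from_bytes(b"\x00\x02" + filler + b"\x00" + session_key, "big")

def encrypt_session_key(session_key: bytes) -> int:
    """Sender side: the value stored in the message header."""
    return pow(pad(session_key), E, N)

def disclose(encrypted_key: int) -> int:
    """Key owner: decrypt one message's header and hand over the padded block."""
    return pow(encrypted_key, D, N)

def verify_disclosure(encrypted_key: int, block: int):
    """Verifier: public key only. Returns the session key, or None if bogus."""
    if not 0 <= block < N or pow(block, E, N) != encrypted_key:
        return None                      # does not re-encrypt to the header
    raw = block.to_bytes(K, "big")
    sep = raw.find(b"\x00", 2)           # filler is nonzero, so this is the separator
    if raw[:2] != b"\x00\x02" or sep < 10:
        return None                      # malformed padding
    return raw[sep + 1:]

if __name__ == "__main__":
    key = secrets.token_bytes(16)        # constructed 128-bit session key
    header = encrypt_session_key(key)
    print(verify_disclosure(header, disclose(header)) == key)
```

Because RSA is a permutation on values below the modulus, only the genuine block re-encrypts to the stored header, so the disclosure covers that one message and nothing else.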