File vs. Communication Key Escrow
Jumping on the bandwagon a bit here...

Walt makes a plausible business case for key escrow for software
that encrypts static information for archival purposes.

Has anyone been able to come up with a good business case for
key escrow of communications keys? Note that if you're concerned
about communications history, this is really just a special
case of static information that is archived.

Note that all key escrow proposals to date have focused almost
entirely on "escrow" of keys used in communication. The recent
attempts to manufacture a business case for this by confusing
these two very different situations are part of the tactics we have
come to expect from the government when dealing with this issue.

If anything good can be said about the badly written, vague and
clearly unconstitutional new regulations from the Department of
Commerce, it's that they're less mealy-mouthed and weaseling than
previous attempts to explicate the government position on
cryptography.

At 11:23 PM 12/16/96 -0800, [email protected] wrote:
>Walt Armour <[email protected]> wrote:
>> If I encrypt a $10 million dollar proposal and then get 86'd in
>> a car accident I would like to go to my grave knowing that the
>> company could get the proposal back. ....
>
>Anyone who stores a $10m proposal on only one machine,
>without making backups on somebody else's machine, preferably
>out of the building, is asking for the Clue Fairy to send him
>disk drive gremlins and software from Bill Gates to scribble on his disk,
>and his company should probably consider 86ing him before he
>strikes again :-)
>
>Slightly more seriously, there are certainly corporate reasons to
>store backups of keys for important data, such as backup tapes
>and communications. GAK-style technology is the wrong level approach
>for communications - GAK-style access to keys is useless unless
>you've also backed up the data, so if your corporate officers need
>the data, give it to them encrypted with their own keys.
>Similarly, if you want backup access to keys used to encrypt files,
>back up the keyrings, maybe using a secret-sharer if you want to require
>multiple people to access the backup, or just have the backups of
>the files encrypted with the keys for the backup server.
>
>> BUT in regards to the general populace, I do not advocate any form of
>> key escrow/recovery.
>
># Thanks; Bill
># Bill Stewart, +1-415-442-2215 [email protected]
># You can get PGP outside the US at ftp.ox.ac.uk
># (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
># so please Cc: me on replies. Thanks.)
>
>