[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encrypted filing of patents sans GAK?



Willis,
My understanding is that Patty Edfors is overseeing *two* groups of pilots.
One group to experiment with PKIs in government agencies and another group
of ten, as David Aaron said, to "demonstrate the practicality" of key
recovery. The quotes are from my notes of Aaron's talk at the RSA Data
Security Conference. Aaron *did* mention as an example the "filing of
patent applications to the patent office" as an activity that is to explore
key recovery, but I know nothing of the specifics of that.

Also, my understanding is that the intent is definitely *not* to store
private keys used for signing. The GAO has issued a ruling that this is a
no-no. I agree with your judgment that doing so would compromise the
protection one expects from digital signatures. Besides, as one of the
speakers noted at the Conference last week, the evidentiary value of data
gained from wiretapping surely would lose some of its value if a third
party were holding private signature keys of the culprit being wiretapped.

Bill

 >--
>Folder: YES
>--
>Sir:
>
>I believe that the words have been misleading.  According to a briefing that
>I heard in December at a meeting of the Computer System Security and
>Advisory Board, Ms. Patty Efors of the Department of Treasury described a
>group of 10 pilot projects designed to test the efficacy and application of
>digital key signatures in government agencies.  I recall no mention of key
>recovery and in fact, I would assert that if the private keys used in
>digital-signature schemes are in the hands of a 3rd party, the protection
>expected from a digital signature will have been compromised.
>
>Presumably Ambassador Aaron and Ms. Edfors were talking about the same 10
>projects; and if so, then the Ambassador's presentation was confused.
>
>                                        Willis H. Ware
>                                        Santa Monica, CA