[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Access to Storage and Communication Keys




The government and its friends have tried for a while to
convince the public that there's a great business market for
access to keys by the Proper Authorities, whether bosses or cops.
A number of us on the Pro-Privacy side have contended that
this is wrong - the business need is for later access to stored files,
not to encrypted communications keys and of course not to signature keys.

Having argued that point vociferously in the past, I'm now going to
waffle on the issue - while the business need is for access to
stored data, this may often include stored messages received from
a communication system in encrypted form.  Either the User Interface
needs to make it convenient to store the decrypted message,
or else the user will store the message in encrypted form -
which means there may be a business need for Proper Authority Access later.

This means, as {cypher,coder,ranter}punks, we need to address
this problem when building crypto tools, to avoid building systems
that create or sustain a business need for access to communication keys.

Some email systems really encourage you to save messages in 
one big hulking undocumented monolithic email box, with subfolders 
and databases and attachments and pointers, and some are a bit more
friendly but still leave bits and pieces of MIME splattered on your disk.
Some of the nicer tools I've used for encrypted file/mail handling
make it convenient to take encrypted incoming mail, decrypt it,
and either view it or save it to a file or clipboard.

I've been using PGP Inc.'s PGP5.0 Eudora Plug-In,
and it decrypts the mail into the mail message buffer itself.
When you finish with that particular message (e.g. go to the next,
or just close it), you get asked it you want to save the modified message,
and if you say "yes" you'll have the decrypted message in your mailbox.
However, there's a negative about this - if you receive mail that's 
signed and encrypted, and save the modified version, it loses the
signature information - so it may be more valuable to save the
encrypted version...


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#   (If this is a mailing list or news, please Cc: me on replies.  Thanks.)