1994-07-26 - Re: New Threat on the Horizon: Software Key Escrow

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 9d71b6acebb316aa4263a52739a30c1cb805cbad6372e218f4b813e3aa538cb8
Message ID: <199407262054.NAA00151@jobe.shell.portal.com>
Reply To: <199407261933.MAA17765@netcom8.netcom.com>
UTC Datetime: 1994-07-26 20:53:40 UTC
Raw Date: Tue, 26 Jul 94 13:53:40 PDT

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Tue, 26 Jul 94 13:53:40 PDT
To: cypherpunks@toad.com
Subject: Re: New Threat on the Horizon: Software Key Escrow
In-Reply-To: <199407261933.MAA17765@netcom8.netcom.com>
Message-ID: <199407262054.NAA00151@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Look at the success RSA has had with Apple building their certification
structure into System 7 Pro.  There was discussion on sci.crypt about
whether PGP (or any non-hierarchical certification structure) could be
used, and the consensus seemed to be that the hooks aren't there.  If you
want to inter-operate with this software, which will presumably be widely
available in the future, you will have to join the official certification
hierarchy.  So long, web of trust.

Now, this approach does seem vulnerable to reverse-engineering the OS,
getting in below the software layers which you are supposed to use, to
defeat the restrictions the software is trying to place on you and have
built-in encryption of your choice.  But this will be a big job.  Still,
maybe the best approach when MSoft comes out with this encryption built-
in will be to get software out which will bypass it while still using
the other value-added features like hot links, automatic encryption/
decryption, etc.  Otherwise they may well succeed in getting a de facto
standard into place which does not protect individual privacy.

Hal






Thread