From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 24 Feb 1996 17:02:32 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602240738.XAA15096@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 12:19 AM 2/23/96, P.J. Ponder wrote:
>>The first paragraph here bothered me.  If a user (or an organization)
>>needs to have access to data that was encrypted by an associate ( or one
>>of its employees) wouldn't sound practice require that the key not be
>>entrusted to just one person?  I don't see the need for any fancy
>>"key-recovery" protocol with any outside entities.  We can handle this
>>internally in my shop.  Some keys I give a copy to Alice, and down the
>>hall Bob has some, too.  If I get hit by the bus, they can get my company
>>related data back.  We don't need any "service" or "licensee" or "trusted
>>third party" or any of that, thank you very much.  And we don't need any
>>one developing OTPs for us either, and we don't need government agencies
>>keeping copies of any of our keys.

Hear, hear!  A decade or so ago, when I was a tool of the Military-Industrial
Complex, we had key escrow and trusted third-party products, but they were
appropriate technology - Big Ugly Safes that were rated for classified storage.
If you had data or (physical) keys or safe combinations you wanted to protect,
you could put them in the safes in the computer room or security office.  The
main thing we used the latter for was the combination of the computer-room safe,
which we kept in a sealed envelope for emergencies.  The same technique
can work just fine for crypto keys today.  If you'd rather use electronic
storage
than sticking floppies in a safe, encrypt the password with Corporate Security's
public key, and email it to them with a Subject: line explaining what it is.
Retrieval is easy, and it's _not_ automatic; a human needs to be involved,
which is a Good Thing - this is _supposed_ to be an emergency backup.
If you don't trust it, split the key and email to two different Corporate
Security Management folks.  If you don't trust the users not to send bogus keys,
you shouldn't be trusting them with the information the keys protect.

(System V being what it was in those days, we protected the root password
to our computer by giving it to all the technically competent users so they
could reboot the VAX or exceed system limits to get their work done.  :-)



#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281