From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 11 Oct 1996 05:57:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007800ae831534b603@[207.167.93.63]>
Message-ID: <199610110825.JAA00347@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Tim May <tcmay@got.net> writes:
> At 11:42 AM -0700 10/10/96, Bill Frantz wrote:
> >At 10:13 AM 10/9/96 -0800, Timothy C. May wrote:
> >>[...]
> >One technical approach is described in:
> >
> >"A Revocable Backup System", dabo@cs.princeton.edu (Dan Boneh) and
> >rjl@cs.princeton.edu (Richard J. Lipton) in The 6th USENIX Security
> >Symposium Proceedings.
> >
> >Basically the idea is to encrypt the file on the backup (tape) and then
> >lose the encryption key when you want to "forget" the file.
> 
> Given that keys = data, this just transfers the problem from one set of
> data to another set of data. (Wanna bet a lot of ISPs would keep backups of
> the disk with the keys on it?)

They could always use public key crypto, and use the _user's_ public
key for the users data, then the ISP hasn't got the private key to
leave lying around, or to divulge in case of a supeona.  The backups
are for the _users_ benefit so this puts the onus of key management of
encrypted backups where it belongs, with that user.

Of course, as Ray (?) pointed out, an ISP is going to translate this
into unnecessary complications, and won't bother unless someone offers
a service differentiated on this point, and this kind of service gets
popular.

I'm sure that this would be easy to implement with unix, a shell
script.  If anyone wants one, I'll write it.  (Just have a .pgp-backup
file containing a PGP public key in any directories you want encrypted
backups rather than clear backups, say)

Adam

[the rsa .sig just got smaller still]
--
#!/bin/perl -sisN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsjxII*op"
$/=unpack('H*',<>);print pack('C*',split('\D+',`echo 16i\U$k"SK$/SM$n\E$^I|dc`))