cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1997-02-11 - Re: Encrypted filing of patents sans GAK?

Header Data

From: Bill Neugent <wneugent@smiley.mitre.org>
To: willis@rand.org
Message Hash: 7dcfc0b10263cd2f810d42f10f0f7f765beb3dcf852f1b71de054623558855ad
Message ID: <199702111411.GAA19378@toad.com>
Reply To: N/A
UTC Datetime: 1997-02-11 14:11:55 UTC
Raw Date: Tue, 11 Feb 1997 06:11:55 -0800 (PST)

Raw message

From: Bill Neugent <wneugent@smiley.mitre.org>
Date: Tue, 11 Feb 1997 06:11:55 -0800 (PST)
To: willis@rand.org
Subject: Re: Encrypted filing of patents sans GAK?
Message-ID: <199702111411.GAA19378@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Willis,
My understanding is that Patty Edfors is overseeing *two* groups of pilots.
One group to experiment with PKIs in government agencies and another group
of ten, as David Aaron said, to "demonstrate the practicality" of key
recovery. The quotes are from my notes of Aaron's talk at the RSA Data
Security Conference. Aaron *did* mention as an example the "filing of
patent applications to the patent office" as an activity that is to explore
key recovery, but I know nothing of the specifics of that.

Also, my understanding is that the intent is definitely *not* to store
private keys used for signing. The GAO has issued a ruling that this is a
no-no. I agree with your judgment that doing so would compromise the
protection one expects from digital signatures. Besides, as one of the
speakers noted at the Conference last week, the evidentiary value of data
gained from wiretapping surely would lose some of its value if a third
party were holding private signature keys of the culprit being wiretapped.

Bill

 >--
>Folder: YES
>--
>Sir:
>
>I believe that the words have been misleading.  According to a briefing that
>I heard in December at a meeting of the Computer System Security and
>Advisory Board, Ms. Patty Efors of the Department of Treasury described a
>group of 10 pilot projects designed to test the efficacy and application of
>digital key signatures in government agencies.  I recall no mention of key
>recovery and in fact, I would assert that if the private keys used in
>digital-signature schemes are in the hands of a 3rd party, the protection
>expected from a digital signature will have been compromised.
>
>Presumably Ambassador Aaron and Ms. Edfors were talking about the same 10
>projects; and if so, then the Ambassador's presentation was confused.
>
>                                        Willis H. Ware
>                                        Santa Monica, CA

Thread