From: adam@bwh.harvard.edu (Adam Shostack)
To: ic58@jove.acs.unt.edu (Childers James)
Message Hash: a9afedfcd706796a7e95260984f650ee3d7850224261497b7f0310a38ba2841e
Message ID: <9508182017.AA03042@joplin.harvard.edu>
Reply To: <Pine.SOL.3.91.950818144033.6796A-100000@jove.acs.unt.edu>
UTC Datetime: 1995-08-18 20:23:58 UTC
Raw Date: Fri, 18 Aug 95 13:23:58 PDT
From: adam@bwh.harvard.edu (Adam Shostack)
Date: Fri, 18 Aug 95 13:23:58 PDT
To: ic58@jove.acs.unt.edu (Childers James)
Subject: Re: Cypherpunks' ideal escrow agent
In-Reply-To: <Pine.SOL.3.91.950818144033.6796A-100000@jove.acs.unt.edu>
Message-ID: <9508182017.AA03042@joplin.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain
| I've seen the idea of voluntary key escrow discussed before on this list.
| (And no, not the government's idea of "voluntary", either.) A question I
| would raise is this: What would be the ideal setup for an escrow agency?
| If I were to open up an agency for business, what would be some
| characteristics you would look for?
From the top down:
I'd want to see a board of directors with several well known,
well respected cypherpunks on it. I wouldn't trust 'Joe the
cypherpunks' escrow agency any farther than I could throw it, becuase
I expect the FBI and NSA will both set them up as stings.
I'd want to see it well financed; legal fees will not be small
if the KEA is really on my side.
A few good technical people involved to make sure that the
actual key databases are well encrypted and protected, and that
individual keys can be extracted without extracting an entire
database. If I was actually going to extract keys, I'd want to see a
two or three passphrase extraction procedure, so that theres no single
point of bribery/extortion.
A nice location in an offshore banking haven.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to August 1995
Return to “Childers James <ic58@jove.acs.unt.edu>”