From: Carl Ellison <cme@TIS.COM>
To: cman@communities.com
Message Hash: 1ce376f860b2780b16d414411f09df066d273dbc2debe63f2d4d328992ab859c
Message ID: <9509082139.AA09726@tis.com>
Reply To: <199509082005.NAA22461@comsec.com>
UTC Datetime: 1995-09-08 21:44:11 UTC
Raw Date: Fri, 8 Sep 95 14:44:11 PDT
From: Carl Ellison <cme@TIS.COM>
Date: Fri, 8 Sep 95 14:44:11 PDT
To: cman@communities.com
Subject: Re: GAK
In-Reply-To: <199509082005.NAA22461@comsec.com>
Message-ID: <9509082139.AA09726@tis.com>
MIME-Version: 1.0
Content-Type: text/plain
>Date: Thu, 7 Sep 1995 13:09:03 -0800
>From: cman@communities.com (Douglas Barnes)
>
>One good (non-cypherpunk) argument against GAK is that it
>concentrates a very large quantity of valuable keys in a few
>places, where they become an extremely attractive target for
>government or corporate espionage.
[...]
>Note that a few million keys would fit very easily on even a
>low-end DAT tape (easily hidden in a pack of cigarettes).
The same danger happens with the TIS DRC (see the company web page), even
though there is no key escrow in the TIS system. Instead, the emergency
access field (Data Recovery Field (DRF)) is stored with the file -- but the
key which encrypts it is the public key of the Data Recovery Center (DRC).
If too much attractive stuff is available by loss of any one public key,
that key gets attacked. To compensate for this, the TIS DRC generates new
public keys periodically to give out to new (or old) customers.
However, a government warrant which demands the DRC's private key collection
would gain quite a harvest.
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@tis.com http://www.clark.net/pub/cme/home.html|
|Trusted Information Systems, Inc. http://www.tis.com/ |
|3060 Washington Road PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD 21738 Tel:(301)854-6889 FAX:(301)854-5363 |
+--------------------------------------------------------------------------+
Return to September 1995
Return to “Carl Ellison <cme@TIS.COM>”
Unknown thread root