From: shamrock@netcom.com (Lucky Green)
Date: Tue, 5 Sep 95 12:41:48 PDT
To: Bill Stewart <pfarrell@netcom.com
Subject: Re: Acceptable NIS&T restrictions
Message-ID: <v02120d02ac725e647251@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:20 9/4/95, Bill Stewart wrote:
[...]

>For Commercial Key Escrow, or commercial key-backup services, the criteria are
>"whoever can be trusted to provide the services the customers want".
>In this case, of course, the service most customers want is to be left alone,
>or, failing that, to have the government's Master Key system provide minimal
>risk
>to the security of the actual transactions - 64 bit keys are not enough
>security
>for any high-valued financial transactions, though they may suffice for
>credit cards.
>One required characteristic would appear to be either sufficiently deep pockets
>to collect judgements for violations of trust or a sufficiently high
>reputation that
>violations of trust are not expected.

I seems obvious to me that prospective key escrow agents would be exempt
from all liability for damages caused by releasing a key, exept in cases of
gross negligence. Gross negligence being defined as giving a key to a
person who explicitly states that they intend to use it for illegal
purposes.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.