From: “P.J. Ponder” <ponder@wane-leon-mail.scri.fsu.edu>
To: cypherpunks@toad.com
Message Hash: a491a6f2a8175b15f40f653d8766f59614dbd0cbc56a6cdf2537973d99ebc442
Message ID: <Pine.3.89.9602222300.G20538-0100000@wane3.scri.fsu.edu>
Reply To: N/A
UTC Datetime: 1996-02-24 00:20:27 UTC
Raw Date: Sat, 24 Feb 1996 08:20:27 +0800
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Sat, 24 Feb 1996 08:20:27 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <Pine.3.89.9602222300.G20538-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain
Steve Walker wrote to John Young:
(large piece snipped; good stuff though.)
+ Suppose the U.S. government had never thought of placing
export controls on cryptography...
We would now have widespread use of encryption, both
domestically and worldwide; we would be in a state of
"Utopia," with widespread availability of cryptography
with unlimited key lengths. But, once in this state, we
will face situations where we need a file that had been
encrypted by an associate who is unavailable (illness,
traffic jam, or change of jobs). We will then realize
that we must have some systematic way to recover our
encrypted information when the keys are unavailable.
When we add a user-controlled key recovery capability to
our Utopia, we find ourselves in an "Ultimate Utopia,"
with unlimited key length cryptography, widely available
through mass market applications, and user-controlled
key recovery.
The first paragraph here bothered me. If a user (or an organization)
needs to have access to data that was encrypted by an associate ( or one
of its employees) wouldn't sound practice require that the key not be
entrusted to just one person? I don't see the need for any fancy
"key-recovery" protocol with any outside entities. We can handle this
internally in my shop. Some keys I give a copy to Alice, and down the
hall Bob has some, too. If I get hit by the bus, they can get my company
related data back. We don't need any "service" or "licensee" or "trusted
third party" or any of that, thank you very much. And we don't need any
one developing OTPs for us either, and we don't need government agencies
keeping copies of any of our keys.
Am I in the state of utopia already, is this what "user controlled key
recovery" means? I think it's just common sense and sound management
practice. If you know that your co-worker/colleague/summer intern, etc
is encrypting your business related data, you should make sure you can
get it back if she doesn't come back from lunch. Let her keep her own
PGP passphrase, though. That's her business.
--
I am now going to push a button and cause this to quantumly re-assemble
in California. Really two buttons (Ctrl-X). One observes, one measures.
--
send message body: "unsubscribe cypherpunks yourmailbox@domain" to:
majordomo@toad.com to drop off the list. Don't put it in quotes, tho.
Return to February 1996
Return to ““P.J. Ponder” <ponder@wane-leon-mail.scri.fsu.edu>”
1996-02-24 (Sat, 24 Feb 1996 08:20:27 +0800) - Re: TIS–Building in Big Brother for a Better Tommorrow - “P.J. Ponder” <ponder@wane-leon-mail.scri.fsu.edu>