From: Douglas Barnes <cman@c2.net>
To: cypherpunks@toad.com
Message Hash: b9dc349853c0e51cf73f4840437da4301772a77efa110649318a7198923bc925
Message ID: <2.2.32.19961217081458.009cb230@blacklodge.c2.net>
Reply To: N/A
UTC Datetime: 1996-12-17 08:17:26 UTC
Raw Date: Tue, 17 Dec 1996 00:17:26 -0800 (PST)
From: Douglas Barnes <cman@c2.net>
Date: Tue, 17 Dec 1996 00:17:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: File vs. Communication Key Escrow
Message-ID: <2.2.32.19961217081458.009cb230@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain
Jumping on the bandwagon a bit here...
Walt makes a plausible business case for key escrow for software
that encrypts static information for archival purposes.
Has anyone been able to come up with a good business case for
key escrow of communications keys? Note that if you're concerned
about communications history, that this is really just a special
case of static information that is archived.
Note that all key escrow proposals to date have focused almost
entirely on "escrow" of keys used in communication. The recent
attempts to manufacture a business case for this by confusing
these two very different situations is part of the tactics we have
come to expect from the government when dealing with this issue.
If anything good can be said about the badly written, vague and
clearly unconstitutional new regulations from the Department of
Commerce, it's that they're less mealy-mouthed and weasling than
previous attempts to explicate the government position on
cryptography.
At 11:23 PM 12/16/96 -0800, stewarts@ix.netcom.com wrote:
>Walt Armour <walt@blarg.net> wrote:
>> If I encrypt a $10 million dollar proposal and then get 86'd in
>> a car accident I would like to go to my grave knowing that the
>> company could get the proposal back. ....
>
>Anyone who stores a $10m proposal on only one machine,
>without making backups on somebody else's machine, preferably
>out of the building, is asking for the Clue Fairy to send him
>disk drive gremlins and software from Bill Gates to scribble on his disk,
>and his company should probably consider 86ing him before he
>strikes again :-)
>
>Slightly more seriously, there are certainly corporate reasons to
>store backups of keys for important data, such as backup tapes
>and communications. GAK-style technology is the wrong level approach
>for communications - GAK-style access to keys is useless unless
>you've also backed up the data, so if your corporate officers need
>the data, give it to them encrypted with their own keys.
>Similarly, if you want backup access to keys used to encrypt files,
>back up the keyrings, maybe using a secret-sharer if you want to require
>multiple people to access the backup, or just have the backups of
>the files encrypted with the keys for the backup server.
>
>> BUT in regards to the general populace, I do not advocate any form of
>> key escrow/recovery.
>
># Thanks; Bill
># Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
># You can get PGP outside the US at ftp.ox.ac.uk
># (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
># so please Cc: me on replies. Thanks.)
>
>
Return to December 1996
Return to “Douglas Barnes <cman@c2.net>”
1996-12-17 (Tue, 17 Dec 1996 00:17:26 -0800 (PST)) - File vs. Communication Key Escrow - Douglas Barnes <cman@c2.net>