1997-06-15 - Re: IBM sues critics?

Header Data

From: Paul Bradley <paul@fatmans.demon.co.uk>
To: John Smith <jsmith58@hotmail.com>
Message Hash: 6f38cb65f12cacd19e5b527676b3e4144211fbe1b1c9f263b211729db09044da
Message ID: <Pine.LNX.3.91.970615121118.2171B-100000@fatmans.demon.co.uk>
Reply To: <199706150054.RAA05736@f23.hotmail.com>
UTC Datetime: 1997-06-15 14:45:54 UTC
Raw Date: Sun, 15 Jun 1997 22:45:54 +0800

Raw message

From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Sun, 15 Jun 1997 22:45:54 +0800
To: John Smith <jsmith58@hotmail.com>
Subject: Re: IBM sues critics?
In-Reply-To: <199706150054.RAA05736@f23.hotmail.com>
Message-ID: <Pine.LNX.3.91.970615121118.2171B-100000@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain

> Can someone explain the difference between key recovery and key
> escrow?  The IBM white paper describes it at
> http://www.ibm.com/security/html/pp_global5.html in terms of
> giving a keys or a combination to your neighbors, but the
> analogy was hard to follow.

Key escrow is where your keys are held by one or more trusted and 
supposedly independent third parties, on reciept of a court order they 
would release the keys.
Key recovery is more like the clipper scheme where there was a LEAF (law 
enforcement access field) which allowed the LEA to decrypt communications.

But in the end it all comes down to GAK (government access to keys), same 
shit, different name. Forgive me if this explanation is a little hazy, I 
have a mighty hangover (still only 12:15 sunday morning here).

        Datacomms Technologies data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
      Email for PGP public key, ID: FC76DA85
     "Don`t forget to mount a scratch monkey"