From: Martin Minow <minow@apple.com>
Date: Thu, 25 Sep 1997 06:16:15 +0800
To: Black Unicorn <cypherpunks@cyberpass.net
Subject: What is a crypto product. Was [nobody@replay.com: Re: "priorproducts"]
In-Reply-To: <199709170339.AA02198@swan.lcs.mit.edu>
Message-ID: <v03010d02b04f30786da9@[17.202.40.158]>
MIME-Version: 1.0
Content-Type: text/plain



(I've changed the list from coderpunks to cypherpunks, as this is
getting off-topic for the former list.)

At 12:48 AM -0500 9/17/97, Black Unicorn wrote:
>
>This brings up interesting coding implications.  What is a "cryptographic
>product" and to what extent can key generation be seperated from the
>definition.  To what extent do we want it to be?
>

I would say that a "cryptographic product" is any [insert patent
lawyer language here] that can be used to encrypt or decrypt a
message, and a "key" (the thing you escrow) is the mechanism
by which a message is converted between plaintext and encrypted
text. (Note, then, that I am including both halves of a public
key pair.)

By this, admittedly devil's advocate, reasoning, the sender would
have to escrow the actual session key, not just the private
key that the receiver uses to recover the session key. After all,
if you use PGP to encrypt a message using a public key -- and
don't possess the corresponding private key -- you couldn't read
your own message, but my reading of the law is that the
government still must have immediate access to the plaintext.

Martin Minow
minow@apple.com