From: Bill Frantz <frantz@netcom.com>
To: Jon Callas <minow@apple.com
Message Hash: eeb92c3eb5de5112610b6181507ebd6ca1a1e538786bf67f5d9fa63972fa08e3
Message ID: <v03007809b060c1553f4f@[207.94.249.179]>
Reply To: <3.0.3.32.19971007142710.00a22970@mail.pgp.com>
UTC Datetime: 1997-10-08 05:07:14 UTC
Raw Date: Wed, 8 Oct 1997 13:07:14 +0800
From: Bill Frantz <frantz@netcom.com>
Date: Wed, 8 Oct 1997 13:07:14 +0800
To: Jon Callas <minow@apple.com
Subject: Re: What's really in PGP 5.5?
In-Reply-To: <3.0.3.32.19971007142710.00a22970@mail.pgp.com>
Message-ID: <v03007809b060c1553f4f@[207.94.249.179]>
MIME-Version: 1.0
Content-Type: text/plain
At 2:27 PM -0700 10/7/97, Jon Callas wrote:
>One of the downsides of cryptography is that if you lose your passphrase
>(or token, PIN, smart card, or whatever), you've lost your data. My
>favorite way of expressing this problem is, "if you lose the keys to your
>car, then you have to get a new car."
Jon clearly states one half of the problem here. The other half is what
seems to be below the surface in many of the responses to PGP 5.5. That
is, how do I achieve the secure deletion of data?
When I make a telephone call, I have an expectation that the only record of
the call will be in my memory and the memory of the person at the other
end. At one time, people recording telephone conversations were required
to include a beep every 15 seconds to notify the participants that this
expectation was being violated. (It seems this expectation has always been
violated by law enforcement.)
Now email is a confounding medium because it is both a transient
communication medium and a storage medium. We would like to be able to
have protection against losing access to our stored data, at the same time
we are sure that those who violate our trust and intercept our
communications can not read the data, when it is sent or at any time in the
future.
PGP 5.5 seems to have a solution to the "lose your data" problem. It does
not seem to address the secure deletion problem.
In the context of computer system backup, one paper at the last Usenix
Security Conference suggested implementing secure deletion by encrypting
the data on the backup tape and then destroying the key when you wanted to
delete the data.
-------------------------------------------------------------------------
Bill Frantz | Internal surveillance | Periwinkle -- Consulting
(408)356-8506 | helped make the USSR the | 16345 Englewood Ave.
frantz@netcom.com | nation it is today. | Los Gatos, CA 95032, USA
Return to October 1997
Return to ““William H. Geiger III” <whgiii@invweb.net>”