[1053] in cryptography@c2.net mail archive
Re: (Fwd) New crypto bill clears committee
daemon@ATHENA.MIT.EDU (Matt Blaze)
Sat Jun 21 18:56:49 1997
To: Kent Crispin <kent@songbird.com>
cc: cryptography@c2.net
In-reply-to: Your message of "Sat, 21 Jun 1997 09:03:49 PDT."
<19970621090349.28346@bywater.songbird.com>
Date: Sat, 21 Jun 1997 15:48:41 -0400
From: Matt Blaze <mab@crypto.com>
kent@songbird.com said:
> You have to distinguish between GAK and CACK (Corporate Access to
> Corporate Keys). Many people believe there is a good case for the
> latter, but not the former. In fact, the "11 cryptographers" paper
> says this.
Actually, what we say is that whether corporate key recovery makes sense
depends very much on the particular application, environment and user:
Quoting key_study.tex:
> \subsection{Communication Traffic vs. Stored Data}
>
> While key ``recoverability'' is a potentially important added-value
> feature in certain stored data systems, in other applications of
> cryptography there is little or no user demand for this feature. In
> particular, there is hardly ever a reason for an encryption user to
> want to recover the key used to protect a communication session such
> as a telephone call, FAX transmission, or Internet link. If such a
> key is lost, corrupted, or otherwise becomes unavailable, the problem
> can be detected immediately and a new key negotiated. There is also
> no reason to trust another party with such a key. Key
> recoverability, to the extent it has a private-sector application at
> all, is useful only for the keys used to protect irreproducible
> stored data. There is basically no business model for other uses, as
> discussed below.
>
> In stored data applications, key recovery is only one of a number of
> options for assuring the continued availability of business-critical
> information. These options include sharing the knowledge of keys
> among several individuals (possibly using secret-sharing techniques),
> obtaining keys from a local key registry that maintains backup
> copies, careful backup management of the plaintext of stored
> encrypted data, or, of course, some kind of key recovery mechanism.
> The best option among these choices depends on the particular
> application and user.
>
> Encrypted electronic mail is an interesting special case, in that it
> has the characteristics of both communication and storage. Whether
> key recovery is useful to the user of a secure E-mail system depends
> on design of the particular system.
-matt
