[1056] in cryptography@c2.net mail archive
Re: (Fwd) New crypto bill clears committee
daemon@ATHENA.MIT.EDU (Matt Blaze)
Sun Jun 22 09:35:40 1997
To: Kent Crispin <kent@songbird.com>
cc: cryptography@c2.net
In-reply-to: Your message of "Sat, 21 Jun 1997 09:03:49 PDT."
<19970621090349.28346@bywater.songbird.com>
Date: Sat, 21 Jun 1997 15:48:41 -0400
From: Matt Blaze <mab@crypto.com>
kent@songbird.com said:
> On Fri, Jun 20, 1997 at 10:49:57AM -0700, Alan wrote: On Fri, 20 Jun
> 1997 geeman@best.com wrote: > you'd better be able to show a
> bad-for-business case. There is a real big "bad for business" case.
> What happens when someone walks off with the key database? (This is
> not a question of if, only a question of when.) What kind of
> competitive boost would that kind of information give the French,
> Japanese, Isreali, or other government sponsored business? And how
> do you prove it?
> You have to distinguish between GAK and CACK (Corporate Access to
> Corporate Keys). Many people believe there is a good case for the
> latter, but not the former. In fact, the "11 cryptographers" paper
> says this.
Actually, what we say is that whether corporate key recovery makes sense
depends very much on the particular application, environment and user:
Quoting key_study.tex:
> \subsection{Communication Traffic vs. Stored Data}
>
> While key ``recoverability'' is a potentially important added-value
> feature in certain stored data systems, in other applications of
> cryptography there is little or no user demand for this feature. In
> particular, there is hardly ever a reason for an encryption user to
> want to recover the key used to protect a communication session such
> as a telephone call, FAX transmission, or Internet link. If such a
> key is lost, corrupted, or otherwise becomes unavailable, the problem
> can be detected immediately and a new key negotiated. There is also
> no reason to trust another party with such a key. Key
> recoverability, to the extent it has a private-sector application at
> all, is useful only for the keys used to protect irreproducible
> stored data. There is basically no business model for other uses, as
> discussed below.
>
> In stored data applications, key recovery is only one of a number of
> options for assuring the continued availability of business-critical
> information. These options include sharing the knowledge of keys
> among several individuals (possibly using secret-sharing techniques),
> obtaining keys from a local key registry that maintains backup
> copies, careful backup management of the plaintext of stored
> encrypted data, or, of course, some kind of key recovery mechanism.
> The best option among these choices depends on the particular
> application and user.
>
> Encrypted electronic mail is an interesting special case, in that it
> has the characteristics of both communication and storage. Whether
> key recovery is useful to the user of a secure E-mail system depends
> on design of the particular system.
-matt
