[1260] in cryptography@c2.net mail archive
Re: Fortezza dying on the vine?
daemon@ATHENA.MIT.EDU (Kent Crispin)
Sun Jul 27 10:09:00 1997
Date: Sat, 26 Jul 1997 22:31:40 -0700
From: Kent Crispin <kent@songbird.com>
To: cryptography@c2.net
On Fri, Jul 25, 1997 at 03:01:47PM -0700, Matthew James Gering wrote:
>
> >This is THE important point, IMO. It is mundane commerce that is the
> >real force to reckon with in all the crypto debates. To the extent
> >that business wants key recovery mechanisms, there will be key
> >recovery mechanisms. The US gov may be able to bend things somewhat,
> >but the bottom line is the needs of commerce are what will drive things.
>
> The critical aspect of key-escrow is that there are uses where a company
> would want a key-recovery scheme (secure data storage), and there are others
> where it must be absolutely prohibited (authentication, non-repudiable
> signatures, communications encryption) for security reasons. Only the
> inter-organizational uses (without pre-existing relationship) of the latter
> need to be part of a global PKI, therefore the market will not bear
> key-escrow as part of a PKI.
If by PKI you mean a web of cross-certified CAs or something similar,
I agree. Private key escrow and certified public key warehousing are
two completely separable functions, and the security requirements are
rather different. However, the combination might be marketed as a
"one-stop shop for all your crypto infrastructure needs" kind of
thing. That is, who knows what the market will do?
> The market will never accept GAK for commerce
> applications.
If you put your keys on a diskette, put the diskette in a safe-deposit
box, and the government subpoenas the key, does that count as GAK?
There are all kinds of means by which the government can get access to
keys that do not involve a government infrastructure to implement.
--
Kent Crispin "No reason to get excited",
kent@songbird.com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html