[201] in cryptography@c2.net mail archive
Re: Encrypted filing of patents sans GAK?
daemon@ATHENA.MIT.EDU (Lance J. Hoffman)
Sat Feb 8 16:37:58 1997
From: "Lance J. Hoffman" <hoffman@seas.gwu.edu>
To: wneugent@smiley.mitre.org (Bill Neugent)
Date: Sat, 8 Feb 1997 14:58:43 -0500 (EST)
Cc: willis@rand.org, cryptography@c2.net
In-Reply-To: <v01510103af2248ef5d88@[128.29.162.45]> from "Bill Neugent" at Feb 8, 97 11:31:49 am
Is it too much to hope that the ambassador has an, ahem, e-mail address,
where he or his staff could get these questions and clear them up? If anyone
knows of one or can easily get this to him, they might wish to do so.
Lance Hoffman
>
> Willis,
> My understanding is that Patty Edfors is overseeing *two* groups of pilots.
> One group to experiment with PKIs in government agencies and another group
> of ten, as David Aaron said, to "demonstrate the practicality" of key
> recovery. The quotes are from my notes of Aaron's talk at the RSA Data
> Security Conference. Aaron *did* mention as an example the "filing of
> patent applications to the patent office" as an activity that is to explore
> key recovery, but I know nothing of the specifics of that.
>
> Also, my understanding is that the intent is definitely *not* to store
> private keys used for signing. The GAO has issued a ruling that this is a
> no-no. I agree with your judgment that doing so would compromise the
> protection one expects from digital signatures. Besides, as one of the
> speakers noted at the Conference last week, the evidentiary value of data
> gained from wiretapping surely would lose some of its value if a third
> party were holding private signature keys of the culprit being wiretapped.
>
> Bill
>
> >--
> >Folder: YES
> >--
> >Sir:
> >
> >I believe that the words have been misleading. According to a briefing that
> >I heard in December at a meeting of the Computer System Security and
> >Advisory Board, Ms. Patty Efors of the Department of Treasury described a
> >group of 10 pilot projects designed to test the efficacy and application of
> >digital key signatures in government agencies. I recall no mention of key
> >recovery and in fact, I would assert that if the private keys used in
> >digital-signature schemes are in the hands of a 3rd party, the protection
> >expected from a digital signature will have been compromised.
> >
> >Presumably Ambassador Aaron and Ms. Edfors were talking about the same 10
> >projects; and if so, then the Ambassador's presentation was confused.
> >
> > Willis H. Ware
> > Santa Monica, CA
>
>
>
--
Professor Lance J. Hoffman
Dept of Elec Eng and Comp Sci, The Geo Washington U, 801 22nd St NW
Wash DC 20052 (202) 994-5513 Fax: (202) 994-0227 hoffman@seas.gwu.edu
See also info on the Cyberspace Policy Institute: http://www.cpi.seas.gwu.edu/
