[2970] in cryptography@c2.net mail archive


Re: IETF building GAK into the PKI

daemon@ATHENA.MIT.EDU (P.J. Ponder)
Wed Jul 15 15:02:14 1998

Date: Wed, 15 Jul 1998 14:37:45 -0400 (EDT)
From: "P.J. Ponder" <ponder@mail.irm.state.fl.us>
To: Vin McLellan <vin@shore.net>
Cc: Carl Ellison <cme@acm.org>, cryptography@c2.net
In-Reply-To: <v04003a04b1d1feb957fa@[198.115.179.81]>



On Wed, 15 Jul 1998, Vin McLellan wrote:

(agreeing with Carl Ellison about mail user agents being able to decrypt
messages and store data/messages with storage keys....) 

> 	But European firms -- like their American counterparts -- may be
> expected to demand the right to recover company data stored encrypted on
> company computers, even under an employee's personal key.  Only if mailers

The part here that concerns me is 'employee's personal key'.  If it is
company data, why would it not be stored with a corporate key, or the
'employee's corporate key'?  Company policy should not permit storage of
company data with personal keys.  Is this about situations where employees
are charged with stealing company secrets or something similar where legal
(criminal) process would be used to force employees to divulge 'personal
keys'?  I can't imagine many situations other than criminal investigations
where divulging 'personal keys' would be coerced, and even then it may
require some probable cause, due process, etc.
--
pj

<. . . .>


