[3655] in cryptography@c2.net mail archive
Re: DCSB: Risk Management is Where the Money Is; Trust in Digital Comm
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Mon Nov 16 19:10:13 1998
From: "Enzo Michelangeli" <em@who.net>
To: "Ian BROWN" <I.Brown@cs.ucl.ac.uk>, "David Hayes" <david.hayes@mci.com>
Cc: "cryptography" <cryptography@c2.net>
Date: Tue, 17 Nov 1998 07:55:23 +0800
-----Original Message-----
From: David Hayes <david.hayes@mci.com>
Date: Tuesday, November 17, 1998 12:55 AM
>At 10:56 AM 11/13/98 +0100, Ian BROWN wrote:
>> [description of UK's OFTEL plan to license CAs and require that they
>> escrow any encryption keys they certify.]
>>
>>Oh, and CAs aren't allowed to be licensed for certifying signature-only keys
>>but unlicensed for certifying encryption-capable keys.
>
>Sounds like a CA could avoid a significant paperwork load by simply
>declaring (and enforcing) a policy that it would only certify
>signature-only keys.
>
>Or am I missing something obvious here?
Especially considering that, if providing the unescrowed encryption keys
should prove a good business, the same shareholders could establish a
separate, unlicensed sister organization managed at arm's length... This is
a second way of circumventing those restrictions, the first one being
writing software that does not honor the "sign-only" flag and uses the
signature certs to authenticate ephemeral sessions.
Enzo