[680] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Mon May 5 12:08:02 1997
Date: Sun, 04 May 1997 22:08:29 -0700
From: Tom Weinstein <tomw@netscape.com>
To: cryptography@c2.net
Tom Weinstein wrote:
>
> [I felt I had to let this go through, but I would advise that those
> involved restrict themselves to calmer comments from here on...
> --perry]
>
> This is utter crap, and I'm sure you know it. All we're going to do
> is provide an OPTIONAL (and I mean really optional, not the way the
> feds use it) way for administrators to recover private keys. This is
> not GAK. I will never work on a product that includes GAK.
>
> Oh, but I guess saying that Netscape is responding to customer
> requirements by including support for corporate key recovery wouldn't
> make such good press release spam.
I feel I should appologize for the tone of this. I think it's
warranted, but I shouldn't have reserved it solely for Sameer, and not
subjected the rest of you to it.
Just for a little more clarification, what we're proposing to do is
provide corporate key recovery in which keys will be escrowed by
the corporation, not by a government agency.
We're not doing this in exchange for permission to export stronger
crypto, but because our customers have required it of us. It's not
acceptable to most people for the loss of their password to mean that
they can't ever read any of their old mail again.
I hesitate to try to read the minds of the Feds, but I think they feel
that they can use existing legal mechanisms to get access to most
keys without the need for a central government key escrow system. Of
course, criminals will still be able to keep their keys secret, but
they don't seem to care too much about that.
--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing. | tomw@netscape.com
