[681] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon May 5 12:20:51 1997
In-Reply-To: <336D6B4D.59E2@netscape.com>
Date: Sun, 4 May 1997 23:27:34 -0700
To: Tom Weinstein <tomw@netscape.com>, cryptography@c2.net
From: Bill Frantz <frantz@netcom.com>

At 10:08 PM -0700 5/4/97, Tom Weinstein wrote:
>Just for a little more clarification, what we're proposing to do is
>provide corporate key recovery in which keys will be escrowed by
>the corporation, not by a government agency.
>
>We're not doing this in exchange for permission to export stronger
>crypto, but because our customers have required it of us. It's not
>acceptable to most people for the loss of their password to mean that
>they can't ever read any of their old mail again.

Tom - I, and I suspect others, would appreciate knowing exactly which keys
are covered by this customer requirement. I see Netscape dealing with the
following keys:

* Long term SSL signature key.
* SSL session key.
* Are there any others???

I agree it would be a drag to lose your SSL signature key, considering what
a VeriSign cert costs and possible lost business etc. On the other hand,
the SSL session keys cover only communication. Since web servers don't
normally save the cypher text of SSL sessions, there is little reason to
save the keys.
-------------------------------------------------------------------------
Bill Frantz | God could make the world | Periwinkle -- Consulting
(408)356-8506 | in six days because he did | 16345 Englewood Ave.
frantz@netcom.com | not have an installed base.| Los Gatos, CA 95032, USA