[686] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon May 5 14:02:06 1997
To: Tom Weinstein <tomw@netscape.com>
Cc: sameer <sameer@c2.net>, cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 05 May 1997 13:55:59 -0400
In-Reply-To: Tom Weinstein's message of Sun, 04 May 1997 20:22:36 -0700

Tom Weinstein <tomw@netscape.com> writes:
>> Oh, but I guess saying that Netscape is responding to customer
>> requirements by including support for corporate key recovery wouldn't
>> make such good press release spam.

(I don't want to sound contentious here, but it still does, a little.
I'm really curious about the answer.)

What exactly are the customer requirements for key recovery in a web
server? Key recovery (corporate, not GAK, of course) is only useful
in an environment where encryption is used to protect data storage,
not when encryption is only used for authentication and communication
security. If I lose my personal certificate or my server's
certificate, no data is lost, because nothing persistent uses that
key; the issuer can revoke the old one, and issue a new one.

Marc