[687] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Mon May 5 14:19:14 1997
Date: Mon, 05 May 1997 11:12:23 -0700
From: Tom Weinstein <tomw@netscape.com>
To: Marc Horowitz <marc@cygnus.com>
CC: cryptography@c2.net
Marc Horowitz wrote:
>
> Tom Weinstein <tomw@netscape.com> writes:
>
>>> Oh, but I guess saying that Netscape is responding to customer
>>> requirements by including support for corporate key recovery
>>> wouldn't make such good press release spam.
>
> (I don't want to sound contentious here, but it still does, a little.
> I'm really curious about the answer.)
>
> What exactly are the customer requirements for key recovery in a web
> server? Key recovery (corporate, not GAK, of course) is only useful
> in an environment where encryption is used to protect data storage,
> not when encryption is only used for authentication and communication
> security. If I lose my personal certificate or my server's
> certificate, no data is lost, because nothing persistent uses that
> key; the issuer can revoke the old one, and issue a new one.
Its only reasonable use is to recover lost keys. Yes, this isn't
strictly necessary, but when getting a certificate costs money, it can
be reasonable.
It can also be used by fascist administrators who want unwarranted
control over their users' lives, but that's not a goal.
--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing. | tomw@netscape.com