[688] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Duncan Frissell)
Mon May 5 17:51:21 1997
Date: Mon, 05 May 1997 17:47:39 -0400
To: Marc Horowitz <marc@cygnus.com>, Tom Weinstein <tomw@netscape.com>
From: Duncan Frissell <frissell@panix.com>
Cc: cryptography@c2.net
In-Reply-To: <t53iv0xpzv4.fsf@rover.cygnus.com>
At 01:55 PM 5/5/97 -0400, Marc Horowitz wrote:
>(I don't want to sound contentious here, but it still does, a little.
>I'm really curious about the answer.)
>
>What exactly are the customer requirements for key recovery in a web
>server? Key recovery (corporate, not GAK, of course) is only useful
>in an environment where encryption is used to protect data storage,
>not when encryption is only used for authentication and communication
>security. If I lose my personal certificate or my server's
>certificate, no data is lost, because nothing persistent uses that
>key; the issuer can revoke the old one, and issue a new one.
Correct me if I'm wrong (Tom) but future Netscape products are going to
support s/mime (or whatever) for in their mail clients, aren't they?
Certainly central storage of keys within a business would be handy for
encrypted mail. Any users who cared to dodge same could encrypt with PGP
Mail's Netscape plug in in advance in any case.
DCF
