[706] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Tue May 6 12:17:10 1997
Date: Tue, 06 May 1997 09:00:04 -0700
From: Tom Weinstein <tomw@netscape.com>
To: Adam Shostack <adam@homeport.org>
CC: cryptography@c2.net
Adam Shostack wrote:
>
> I agree with Sameer here. What is the requirement being served by
> KR/OKAY in Netscape's system?
>
> Adam
>
> (I also like Sameer's use of KR/OKAY and KR/GAK to indicate how close
> they are to each other. Mandated OKAY features can be turned into
> GAK. Better to let the market decide which KR features are needed,
> and how to implement them.)
My previous use of a recovering from loss of a server key was a bad
example. We don't actually intend our KR solution to include server
keys. Those will be recoverable from backups of the key database or
from our key import/export mechanism.
The real purpose of KR is for recovering keys for encrypted email.
This is a market driven requirement. We've had numerous meetings with
customers trying to figure out what their requirements are. The most
requested thing has been key recovery. Administrators are scared to
death that as soon as their users start sending encrypted email all
hell will break loose. They need a way to recover from lost keys and
forgotten password.
--
You should only break rules of style if you can | Tom Weinstein
coherently explain what you gain by so doing. | tomw@netscape.com
