[708] in cryptography@c2.net mail archive
Re: Concern over Netscape announcement and GAK
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Tue May 6 14:28:05 1997
To: sameer <sameer@c2.net>
Cc: cryptography@c2.net, jsw@netscape.com
From: Marc Horowitz <marc@cygnus.com>
Date: 06 May 1997 14:18:41 -0400
In-Reply-To: sameer's message of Mon, 5 May 1997 21:32:23 -0700 (PDT)
sameer <sameer@c2.net> writes:
>> So while I accept that Netscape may not be consciously
>> planning to implement GAK in their products, the Netscape announcement
>> is still a very sad thing, as the government has effectively coerced
>> Netscape into implementing a GAK-future without them even realizing
>> it.
I think you're becoming a little too melodramatic.
At this point, I have to be on Netscape's side. Key recovery for
email and similar applications in a corporate environment *is* a valid
customer requirement. That the government could abuse it for
nefarious purposes is unfortunate, but that doesn't make it any less
valid.
Now, I would hope (Tom?) that Netscape is doing two things: separating
signature keys from encryption keys, so that you can only escrow the
encryption key, and supporting multiple encryption keys, so that I can
use one for corporate email and another for personal mail, without
jumping through hoops.
>> (ObPlug: C2Net does all its development offshore, and it not
>> subject to US government coercion with respect to crypto exports)
If C2Net ever does email, and wants to sell to corporate customers,
you'll end up doing some kind of recovery sooner or later, or lose
some customers.
Marc
