[712] in cryptography@c2.net mail archive
key recovery vs data backup
daemon@ATHENA.MIT.EDU (Adam Back)
Tue May 6 16:31:22 1997
Date: Tue, 6 May 1997 21:09:24 +0100
From: Adam Back <aba@dcs.ex.ac.uk>
To: cryptography@c2.net
Some people are voicing concerns that Netscape by supporting OKAY
(Optional Key Access for Yourself) is helping the Forces of Darkness
have a fully prepared GAK infrastructure.
>From Tom's description of what Netscape is thinking of doing it would
seem that they are planning to archive (or escrow) encryption keys
used to encrypt email communications.
If the stated interest is to maintain the ability to read old email,
it seems to me that archiving _communication_ keys not the best way to
acheive this. You yourself have no use for communcation key escrow
because you don't have archives of your communications; law
enforcement is interested in the escrowing of encryption keys used to
protect communications because they do plan to have archives of your
communications.
If you want to archive the email you are sending, and/or receiving it
would seem better to do your archiving in plaintext, or optionally to
encrypt your archive with a separate archiving encryption key which
you keep backups of.
Ie have 3 keys in the picture:
signature only keys
communication encryption keys
archiving encryption keys
Archive and encrypt your archives however you like, this separates the
issue from the GAK argument.
Personally I'd sooner Diffie-Hellman (forward secrecy) were used for
communication encryption; that way there are no permanent
communication keys for law enforcement to argue about. Unfortunately
forward secret D-H is interactive, and email transfer protocols are
not; this is the source of my interest in non-interactive forward
secrecy protocols.
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
