[746] in cryptography@c2.net mail archive
Re: key recovery vs data backup
daemon@ATHENA.MIT.EDU (Kent Crispin)
Wed May 7 22:15:16 1997
Date: Wed, 7 May 1997 18:54:46 -0700
From: Kent Crispin <kent@songbird.com>
To: cryptography@c2.net

On Tue, May 06, 1997 at 05:15:35PM -0400, Carl Ellison wrote:
> At 01:45 PM 5/6/97 -0700, Anil Das wrote:
> > Far as I can see the intention is indeed for someone else
> >to be able to read your email. Just that that someone else is not
> >the government.
> >
> > Customer != User
> >
> > There are many corporations who have a stated policy that
> >all email crossing the firewall will be examined to make sure that
> >no corporate information is being leaked or stolen.
>
> The appropriate way to achieve this is to list the corporate firewall
> as a crypto recipient (or to list your group manager as one, if
> your mail needs to be readable by him) -- not to provide a default
> access path which might be exploited by the enemy.

"Appropriate" by what criteria? Key recovery systems can be just as
secure as the methods you describe. They also have the virtue of a
direct, clear, intuitive model that can be explained to a corporate
executive in 5 minutes. [All keys are kept in a virtual safe; the
company has guaranteed access to *all* encrypted data; the keys are
just as secure as the safe is, and it can be made very secure.]
This is simple and understandable, it clearly works, and the
tradeoffs and dangers are pretty clear.

On the other hand, if you tried to sell an executive on the idea that
everyone in the company should use rump96.html for key recovery, you
probably wouldn't get very far. It is fundamentally an individual
solution, not an organizational one.

--
Kent Crispin "No reason to get excited",
kent@songbird.com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
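
The recipient-list approach from the quoted text (the corporate firewall listed as one more crypto recipient of each message), sketched as an added example that is not part of the original message or of either poster's software. It assumes the third-party Python `cryptography` package; the function names, the recipient names and the sample message are constructed for illustration.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP is used here to wrap the per-message session key.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def make_keys(names):
    """Generate one RSA private key per name (illustrative helper)."""
    return {n: rsa.generate_private_key(public_exponent=65537, key_size=2048)
            for n in names}

def encrypt_for(plaintext, recipients):
    """Encrypt once under a fresh session key, then wrap that key
    separately for every listed recipient (name -> public key)."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    body = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped = {name: pub.encrypt(session_key, OAEP)
               for name, pub in recipients.items()}
    return {"wrapped": wrapped, "nonce": nonce, "body": body}

def decrypt_as(envelope, name, private_key):
    """Recover the plaintext using the session key wrapped for `name`."""
    blob = envelope["wrapped"].get(name)
    if blob is None:
        raise PermissionError(f"{name} is not a listed recipient")
    session_key = private_key.decrypt(blob, OAEP)
    return AESGCM(session_key).decrypt(envelope["nonce"], envelope["body"], None)

def gateway_inspect(envelope, firewall_key):
    """Outbound gateway: return the plaintext for examination, or None
    (block the message) if the firewall was not listed as a recipient."""
    try:
        return decrypt_as(envelope, "firewall", firewall_key)
    except PermissionError:
        return None

if __name__ == "__main__":
    keys = make_keys(["bob", "firewall"])
    pubs = {n: k.public_key() for n, k in keys.items()}
    msg = b"constructed sample message"
    print(gateway_inspect(encrypt_for(msg, pubs), keys["firewall"]))
    print(gateway_inspect(encrypt_for(msg, {"bob": pubs["bob"]}), keys["firewall"]))
```

Access here is granted per message and is visible in the envelope's recipient list; no user private key is ever stored outside its owner's control.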