[758] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Rick Smith)
Thu May 8 14:07:51 1997
In-Reply-To: <19970507225925.26689@bywater.songbird.com>
Date: Thu, 8 May 1997 11:42:02 -0600
To: Kent Crispin <kent@songbird.com>, cryptography@c2.net
From: Rick Smith <smith@securecomputing.com>
Matt Blaze wrote:
> Anyway, any key recovery mechanism adds so much complexity to the system
> that, at a minimum, alternatives should be carefully explored first.
Kent Crispin replied:
>With all due respect, this is nonsense. Key Recovery has been
>implemented and deployed in commercial systems. It's conceptually
>obvious, and straightforward to implement.
I beg to differ. The fact that it's been deployed in a few products doesn't
say anything about it having been built or deployed correctly. There are
numerous ways to make key recovery work, each with its own subtle
trade-offs regarding key safety and key availability. Until there have been a few
years of cycles of extensive deployment, upgrade, and routine usage of the
recovery process, we really can't accurately say how clean, safe, and easy
it all is. It's even too soon to tell which of the numerous alternatives is
best for a particular purpose.
Rick.
smith@securecomputing.com