[759] in cryptography@c2.net mail archive
Employer access to keys (was: Full Strength Stronghold ...)
daemon@ATHENA.MIT.EDU (Mark Armbrust)
Thu May 8 14:08:53 1997
Date: Thu, 08 May 1997 10:40:56 -0600
To: cryptography@c2.net
From: Mark Armbrust <marka@ff.com>
>... The desire by the business to keep control over the
>proprietary work products of its employees often leads to a perceived
>need for key escrow/recovery.
>
>It may be possible to argue that the same effect can be achieved
>by providing employees with restricted encryption clients which
>always encrypts to a company key in addition to any other encryption.
>This can be done for file system encryption as well. From the business
>perspective, it may not be obvious that this solution is as good.
>Naive business owners like the idea that they have all the secret keys
>their employees have. It makes it obvious that the employees can't
>hide anything. The "extra company key" solution is more complicated
>and not as obvious to the naive customer.
This is an education issue. Encrypting to user key and company key is like
having the lock on my office door keyed to a master key. I can get into my
office, my boss can get into my office, but my coworkers cannot without the
boss's assistance.
--------------------------------------------------------------------------
| Mark Armbrust | Internet: marka@ff.com (preferred) |
| Forefront, Inc. | Compuserve: 74777,2132 |
| 4710 Table Mesa Drive, Suite B | Voice: 303-499-9181 ext. 113 |
| Boulder, CO 80303-5541, USA | Fax: 303-494-5446 |
--------------------------------------------------------------------------
