[779] in cryptography@c2.net mail archive
Re: key recovery vs data backup
daemon@ATHENA.MIT.EDU (Bill Frantz)
Fri May 9 15:37:27 1997
In-Reply-To: <199705090341.UAA00226@crypt.hfinney.com>
Date: Fri, 9 May 1997 08:53:31 -0700
To: Hal Finney <hal@rain.org>, cryptography@c2.net
From: Bill Frantz <frantz@netcom.com>
At 8:41 PM -0700 5/8/97, Hal Finney wrote:
>The problem with the key-safe model is that it does not handle outgoing
>mail or other data. Outgoing email will be encrypted with keys of
>the destination, and management won't have access to its contents in
>a key-safe model. For some businesses this is an even more important
>requirement than local or incoming data access, because they are afraid
>their employees will export company secrets under the cover of encrypted
>email.
Firewall rule: Unless it is encrypted to the company key, it doesn't get
thru the firewall. (It can still be stegoed thru however.)
IMHO the problem companies worry about is not employees using email to
steal company secrets. Employees have too many other ways to get the
secrets out. What companies worry about is Trojan horses stealing company
secrets.
-------------------------------------------------------------------------
Bill Frantz | God could make the world | Periwinkle -- Consulting
(408)356-8506 | in six days because he did | 16345 Englewood Ave.
frantz@netcom.com | not have an installed base.| Los Gatos, CA 95032, USA
