At 4:20 PM -0500 11/1/00, Eric Murray wrote:
On Wed, Nov 01, 2000 at 03:56:56PM -0500, David Honig wrote:
Are there equivalent methods which don't use escrowed keys, which I am unaware of?
I beleive it was Eric Hughes who at a Cypherpunks meeting about four years ago, said "the solution isn't key escrow, it's document escrow". Which makes sense- a business doesn't (or shouldn't) allow employees to keep a single copy of an important document on their hard drive. It should be replicated in other known places in case of disaster (drive failure, stolen computer, employee hit by bus, etc). Just because documents are encrypted doesn't mean that this practice is abandoned.
One can envision a system where there's a corporate "document czar" who is regularly given docs from various employees and who then encrypts them in his own key. When and where the docs get decrypted is determined by corporate policies. No key escrow required.
Exactly. A pity we can't easily draw pictures here in mailinglistspace. If we were at a blackboard, we could easily see that the issue of encryption is clearly partitioned thusly: * Alice's files, stored on her local computer or file repository. Maybe in plaintext, maybe in encrypted form. * Files in transit between Alice's site and Bob's site. These should at the very least be link-encrypted, and possibly end-to-end encrypted with PKS tools. Forward secrecy is also good, so that the transit keys can't be recovered. * And then of course the files at Bob's computer, in plaintext or encrypted. Or, more simply, files at sites and files in transit. Alice may have partners or bosses who have rules about how she leaves the files on her machine, encrypted or not encrypted, backed-up or not backed-up. But her storage is SEPARABLE from files in transit.
I don't know of any existing system like this, but formal corporate document control isn't my field.
There are companies doing exactly this kind of document control for large and small companies, for hospitals, for schools, etc. They offer services for back ups to vaults and repositories, for key control, for distribution, and tools for collaboration. Mentor, Oracle, Adobe, and many others are in this market. If ZKS plans to enter this market, good luck to them. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.