On Thu, 27 Mar 1997, Kent Crispin wrote:
The PGP web of trust idea is more than sufficient.
No, it is completely inadequate. I am the office-supply manager the San Francisco branch of Big Well-known Company, Inc. I have signature authority in the company for purchases up to $5000, otherwise I have to get higher-up approval. I have a "company signature" which is authorized for that amount, one of about 800 such signatures. I wish to purchase office supplies from a large office supply wholesaler in New York, which has literally tens of thousands of customers. The "web of trust" model simply does not handle this kind of situation well. I realize that some of the keyservers are very high performance -- that's not the problem. The problem is the structure of the web itself. If there were some trusted *authority* that could sign keys...
Sure there is. The HR department of Big Well-known Company, Inc. can sign the employee's keys. What's the problem? If you want to order something you do so by generating a P.O. or by using a credit card. What does the web of trust have to do with this? If you need approval, it's simple, you ask for it. When you get it, you order your 10,000 pencil erasers. You don't have to use PGP signatures for orders, but you can if the infrastructure is there between both companies.
If you want, you can designate a third party as a trusted authority. However, this is not needed if you meet the person with whom you will communicate in person and exchange public keys. Further this trusted authority needn't be a government entity thank you. This could easily be your lawyer, Verisign or some other entity.
This is no longer a web of trust model, it is a Certificate Authority model. Certificate authority standards are developing at warp speed.
No shit. Both are possible. Whichever your company wants it will use.
The only legal support needed for digital signatures is for the courts to recognize that digital signatures are equivalent to their analog counterparts.
The *only* legal support? This is a *big* deal, and the issues are very complicated. Handwritten signatures and digital signatures are really quite different.
I claimeth not lawyerhood, but IMHO, it can stand up in court if both parties agree to it by analog signatures infront of a notray. Any lawyers care to comment?
This could be binding if the two parties sign something that says "If I use PGP to sign a document I agree to allow that document to be treated as if I signed it." (IMHO)
Sure. It's been done, in fact. However, pairwise contracts with everyone you do business with is not going to cut it. You need laws for this.
Not if it is agreed by all parties involved and their lawyers to honor such signatures. (IMHO)
[...]
4) Businesses, especially large businesses, will (and do) want common standards for key and DS management.
Yeah, and they also want standards for software. I.e. Word Perfect Office versus Microsoft Office. Lotus Notes Domino versus Netscape Enterprise server. However neither of these examples show a need for government entities. They can easily say "We use PGP as our signing standard, and our notary will be shown a person driver license and will sign a printed email with that person's key for proof."
This is pair-wise contracting again. Note, incidentally, that standards concerning signatures are of a different order than standards concerning office software. There far more pressing liability issues with digital signature.
Really? you must not have been gotten infected by the slew of Word and Excel viruses out there. Might be a very good lawsuit against Micro$oft that they allowed such things to happen. Standards for a company are standards for a company. Which standard has more weight or importance is up to that company. Sure, it is on a bigger scale that installing XYZ OfficeWare and getting your ass fired, but it is still a standard. Is there any reason that a specific company CAN'T decide to use PGP? (or PEM, or some other scheme) if it so choses?
9) There is a high probability that a widespread standard for enterprise level key management including key escrow will develop in the next few years.
Why jump to key escrow all of a sudden? You see, a corporation can escrow its own keys in a fire proof safe off site. Why use a government agency where any two bit crooked employee can access the keys of that corporation?
I didn't say "government agency". I said "Enterprise level". A fireproof safe offsite is indeed a crude form of enterprise level key escrow. But it's not really very useful. Imagine a company with several thousand employees, with each employee having a company signature key. You use your key for all kinds of mundane things -- signing your time sheet, signing purchase orders, signing memos, etc. (This is not one of your personal keys that you use when you send email to your lover.) You have a turnover of several people a month, people forgetting passphrases, people invalidating keys because of a passphrase compromise, etc. These are company signature keys, also used for encrypting email, so the company escrows all the secret halves of the keypairs. (There is no privacy issue here -- these are all company keys used for company business, all the encrypted documents are company documents.)
So what's the problem? You hire people to keep track of assigning, escrowing, and signing keys for your employees. You have IS staff and security staff to watch for breeches. You can automate tons of this with good written scripts that automatically scan all email for valid signatures and raise alarms when signatures don't match. Where is this not useful? For a small company a locked safe is plenty. For a large company, you hire HR/Security folks to be your "Key Agents" or whatever.
In this scenario there is daily access to the key escrow system. A fireproof safe offsite is not the most convenient way to deal with the problem, and so the company will buy a software solution -- a nice, cryptographically secure, software solution. (This is obviously not a hard problem -- any cypherpunk should be able to design such a system.)
Yeah, ditto. We agree on this. We also would want something sent offsite incase of nuke, flood, fire, or mass suicide. :-) (sorry had to throw in a Heaven's Gate ref somewhere.)
10) This will converge with legal developments motivated by Digital Signature and support for electronic commerce, so that the standards will actually be government standards with at least partial force of law.
Why do commercial standards need be the same as those dictated by govermental standards?
Many commercial "standards" are legal standards, supplied by the government. In fact, the whole legal infrastructure of business law is really, when you get right down to it, a set of legally mandated standards. Standards are all over the map, when it comes to legal status.
Because there are laws that force such standards on the company. So far are there any laws that say you can't use anything but DSA? (Or Clipper, or whatever NSA backed scheme d'jour is being pushed?) If there were such laws in progress, they would be fought. :)
Why does there need to be a law that says "All businesses MUST use clipper (or whatever) and escrow keys with the FBI/CIA/etc.?"
There doesn't need to be such a law.
So we agree. :)
[...]
Sure, hence the old "When encryption is outlawed only outlaws will encrypt" slogan. Why do we need laws to state what a company is allowed to encrypt or not encrypt? And why must those state what cypher, bit lengths, and methods they must use? And that they must be escrowed in a certain way?
How about a law that stated that all RSA keys used for digital signature must be at least 4096 bits in length before they will be accepted as legally binding? Would that be a good law or a bad law?
It would be cool by me to impose a minimum provided that the current state of hardware could process such keys without too much of a delay factor, but not a maximum. If I am sick enough to want a 16384 bit RSA key, why force me to use something lesser? But within a company, were I insistent enough for whatever reason to use 384 bit RSA keys, as weak as they are and that was my company's policy I should be able to allow it. (Just as employers can read email if you expect that you have no privacy on the company email system.)
Where I work, we keep in "escrow" a key database (on index cards) with all the passwords for all the machines. Also in that fire proof safe live all the backups.
Funny, we do exactly the same thing. Except once a year or so complete backups are carted off to the desert, and stored forever.
Ours is a bit more paranoid. We offsite a tape on the 15th and last day of every month. Every few months we burn a pair of CD's of the important stuff, keep one in the local safe, one offsite.
Yeah, and likely you should change your underwear since it is soaked in it. :)
Over the years I've developed an asbestos butt.
It helps (looking at my own flame resistant shorts...) =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder@sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= For with those which eternal lie, with strange eons even death may die.