
It should be clear by now that privacy is not the only security objective sought by customers of information security products, nor even by all customers of crypto products. Practical users rarely pursue privacy at all costs, nor do they pursue accountability and traffic visibility at all costs. Many must find a balance between two fundamentally conflicting goals.

Regarding the practical uses of e-mail key disclosure, let me include one from the guard/firewall world that I haven't seen mentioned yet:

We've been shipping products since 1994 that scan the contents of e-mail messages and reject contents that violate specified filtering criteria. Sites use it to block importation of viruses or other inappropriate attachments, and to block the export of improperly released information. Most of these systems have been sold to the government and use the Message Security Protocol to encrypt data. The system rejects messages that don't contain an extra key so that the firewall can scan message contents.

This violates the assumed requirement that the contents of an e-mail message must not be viewed by anyone except the message's author and recipient. However, it's a security trade-off that some organizations want to make for certain applications.

PGP's key recovery protocol isn't the perfect solution, but it would help resolve a big problem. To send mail through these systems, the users must be trained to include the firewalls as message recipients -- this produces a copy of the symmetric key encrypted with the firewalls' individual PKs. If a user forgets, then the message cannot pass through. The PGP approach of warning or demanding another PK token would help solve that problem at least in simple cases.

ObPolitics:

Personally, I think it's too soon to tell if PGP's implementation would benefit the FBI in its pursuit of wiretapping keys. At most it might resolve whether such mechanisms are in fact a practical technology. I'm not yet convinced.

Also, if commercial sites have already co-opted PGP's recovery key for their own uses, it's not clear that the FBI will be able to use it for clandestine investigations. If they approach the site's IS managers to acquire copies of the firewall keys, there's a good chance a rumor will get back to the people being targeted for surveillance.

Also, I believe the overhead for separate eavesdropping keys would produce too clear a sign to everyone that the FBI is listening. There is no precedent for such a thing and even if it's adopted temporarily I doubt it will persist. People will notice, and it will make them mad -- it will show them that the FBI is indeed under everyone's bed. Even the FBI can't stand up against broadly based grassroots pressure.

Of course, I've been wrong before about politics.

Rick.
smith@securecomputing.com
Secure Computing Corporation
"Internet Cryptography" now in bookstores http://www.visi.com/crypto/