
Jeff Barber wrote:
The real problem is, as Hal notes, that CAs registered under the act can only create certificates if the corresponding private key is lodged with a registered KRA.
This proposal is a bald attempt to make a totally artificial linkage between a concept for which there is a good [or at least perceived good] business case -- officially registered CAs -- and one which the government desires but which has *no* business case: officially registered KRAs. It's trying to make it seem that key recovery/escrow has something to do with key signing/certification when it patently does not.
Do the words 'Gun Control' ring a bell? It seems that every time government announces its intention to restrict 'criminals' use of an item, it is not long before everyone using that item is considered a criminal. In the case of encryption, it will still be legal, but not if you use real bullets. Perhaps if enough people manage to circumvent forced key escrow in the future, the government will pass a law requiring all crypto products to force everybody to use the same password. (I can hardly wait to see what reasoning they use to explain to us that it is for our own protection.)

--
Toto
"The Xenix Chainsaw Massacre"
http://bureau42.base.org/public/xenix/xenbody.html