At 17:20 9/4/95, Bill Stewart wrote: [...]
For Commercial Key Escrow, or commercial key-backup services, the criteria are "whoever can be trusted to provide the services the customers want". In this case, of course, the service most customers want is to be left alone, or, failing that, to have the government's Master Key system provide minimal risk to the security of the actual transactions - 64 bit keys are not enough security for any high-valued financial transactions, though they may suffice for credit cards. One required characteristic would appear to be either sufficiently deep pockets to collect judgements for violations of trust or a sufficiently high reputation that violations of trust are not expected.
I seems obvious to me that prospective key escrow agents would be exempt from all liability for damages caused by releasing a key, exept in cases of gross negligence. Gross negligence being defined as giving a key to a person who explicitly states that they intend to use it for illegal purposes. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.