At 01:00 PM 8/21/97 -0700, Tim May wrote:
Technical solutions abound, of course, such as hosting the archives in offshore locations, or using strong crypto....and "forgetting" the key. This, obviously, is yet another reason the authorities want "key recovery.")
At a recent Cypherpunks meeting, I had a conversation with a person working for a Very Large defense contractor. His company plans to literally use thousands of keys. Their strategy when faced with a subpoena is to hand over n-m of the total n keys. (m << n) The other keys just can't be found. After all, it is perfectly reasonable that a few keys out of several thousand get lost. To quote: "those keys simply won't be subject to subpoena". I do not know which type of information will be encrypted with said keys. Of course, neither will others, since the data will remain encrypted... Remember this the next time you hear some clueless idiot claim that industry wants full key recovery. The last thing industry needs is access to all their confidential information during discovery. --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. DES is dead! Please join in breaking RC5-56. http://rc5.distributed.net/