At 11:16 PM 2/22/96 -0800, Timothy C. May wrote:
And we should all remember, again, that basic observation: even if "key escrow" is needed to recover *stored* files, it sure ain't needed for *communications*!!
If a key is being generated for two way communications, then it should be generated via a protocol like Diffie-Hellman which leaves no recoverable knowlege of the key outside the participants, and discarded when the session is over of frequently, whichever occurs more often. This procedure will reduce the incentive for rubber hose attacks to recover these keys. ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA