On Wed, 20 Nov 1996, Hal Finney wrote:
What I see this as is a call to come up with architectures that will allow transparent phase-in of government key access (so-called "key recovery") technology. The current HP proposal fits in very well with this model. The appear to be planning on using standard API's so that applications will be able to switch to using key escrow software without changing the applications themselves, just the OS. Maybe there could be a transition period where both the old and new crypto would both be accepted, then after a period of time the old wouldn't work any more.
Just so we are all clear about what HP is up to: in August, 1996, I attended a presentation by HP's policy person. He was touting the anti-four horsemen properties of HP/TIS/unnamed other's "voluntary" "key recovery" system. When I pointed out to him that voluntary GAK could not possibly defend against criminals using strong crypto, since such criminals are unlikely to register their keys with the "escrow" agency, he replied: "There are many possible interpretations of the words 'voluntary' and 'mandatory'." I am willing to testify to this under oath. I don't know what dictionary HP is using. Orwell himself must have written it. --Lucky