On Wed, Nov 01, 2000 at 04:20:31PM -0500, Eric Murray wrote:
One can envision a system where there's a corporate "document czar" who is regularly given docs from various employees and who then encrypts them in his own key. When and where the docs get decrypted is determined by corporate policies. No key escrow required.
I don't know of any existing system like this, but formal corporate document control isn't my field.
I'm aware of one example of a similar use in a NASDAQ-listed FDA-regulated pharmaceutical company, where they have a staff of "document czars" who are the only ones empowered to produce, edit, and maintain archives of documents considered especially critical to their intellectual property and/or research and production records required to gain and keep FDA listing for their products. I get the impression that's standard practice in the industry; and probably standard practice anywhere, where the continued availability (or confidentiality) of documents can turn into gains or losses in the $100M - $10B range. See, for example, David Mamet's "The Spanish Prisoner". In any event, I think things work much better when crypto people can present a toolbox of primitive operations to ordinary businesses, and let the ordinary businesses identify which of the primitives would solve actual, existing problems - cute crypto parlor tricks going searching for real-world utility don't seem to meet an especially warm reception. (And I'm saying that as a person guilty of promoting the latter, though the futility of that behavior becomes clearer in hindsight.) -- Greg Broiles gbroiles@netbox.com PO Box 897 Oakland CA 94604