
At 2:37 AM -0700 10/14/97, Adam Back wrote:
> ... 2. second crypto recipients on encrypted communications are not used to allow access to third parties who are not messaging recipients manually selected by the sender ...
>
> Included in 2) is the principle of not re-transmitting over communication channels keys or data re-encrypted to third parties after receipt -- that is just structuring -- and violates design principle 2.
This requirement tries to enforce something which cannot be enforced by technical means. That is, when you send another person some data, there is no technical way you can prevent them from using it however they want. For example, a user can always program his filters (given something like procmail) to send decrypted data anywhere he wants. The idea that you can control what users do with data through technical means is the most common flaw I see when people think about security.

N.B. I applaud Adam's direction of building the data recovery businesses need without helping 3rd parties engage in undetected snooping. Keeping the decryption keys (if data is not stored in the clear) near the legitimate copies seems to be a useful step in this direction.

-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA
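The procmail filter Frantz mentions, written out as an added illustration (this recipe is not part of the original message and was not posted by either correspondent). It assumes the recipient's mail is delivered through procmail, that `gpg` can decrypt inline-armored messages non-interactively for the recipient's own key, and that `third-party@example.com` is a hypothetical address the recipient chose; the point it makes is only that the recipient, not the sender's protocol, decides where plaintext goes once it has been decrypted.

```procmail
# ~/.procmailrc on the recipient's machine (added example, hypothetical addresses).
# Nothing the sender did -- single recipient, no extra key, no escrow --
# prevents this, because the recipient holds the private key and the plaintext.
LOGFILE=$HOME/.procmail.log
SHELL=/bin/sh

# Match inline PGP-encrypted mail by the armor header in the body.
# ":0 c" delivers a copy to the normal mailbox as well, so the forwarding
# is invisible to the sender and to the recipient's own inbox.
:0 c
* B ?? ^-----BEGIN PGP MESSAGE-----
| gpg --batch --quiet --decrypt 2>/dev/null \
  | mail -s "plaintext copy" third-party@example.com
```

A sender-side "design principle" can stop the sender's own software from adding second recipients, which is what Adam Back's point 2 actually governs; it says nothing about the receiving endpoint, where a three-line recipe like this one forwards the plaintext to anyone. Any scheme that claims to prevent re-transmission after receipt is therefore relying on the recipient's cooperation, not on cryptography.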