At 3:56 PM -0500 11/1/00, David Honig wrote:
At 12:13 PM 10/31/00 -0500, Tim May wrote:
How about:
-- no key escrow, no split keys, no trusted third parties
I don't see any way around the fact that some companies will want to have key escrow of some form for employees who disappear, e.g., car accident, pickpocket stole the key-carrier, etc. I think companies will want this because of the risks of financial damage to the company.
Indeed, and this is a very good use for company attorneys! Or other company officers. If one is concerned that the company lawyer will use the key improperly, split the key. Or place it in a fireproof safe with dual-key access, then distribute the physical keys suitably. Or, more simply, drop the disks with the spare keys in an envelope, seal it, and place it in the safe of the company officers or attorneys. Off site, split, whatever. This is an old problem, solved long ago. I'm sure there is some role for privately-arranged (that is, not government-required) holding of critical keys, just as there is for critical documents stored in old mercury mines (as Intel did at the old New Almaden Mine in the Santa Cruz Mountains). As I said, well-solved.
Although its hazardous if done wrong [cf recent PGP problems], is tarnished by the Fedz/Denning/etc, and might have no use in a personal privacy tool (your diary dies with you), isn't it too dogmatic to rule out key escrow for tools intended for use by groups?
I've never said there is *no* role for safe alternate storage of keys. See above, and se my past comments on legitimate use of backup options. Most of us likely use some form of key backup. Building in transparent key escrow with "trusted third parties" is dangerous, however. Remember that the British model for "trusted third parties" did not include free choice of who those third parties were, but, rather, were limited to Officially Approved TTPs. The whole approach of the Authorities has been to mandate access to encrypted data. The ZKS plan speaks of regulatory conformance...this is what is inimical to our goals.
Strong crypto means the employee can put an invincible lock on the corporate file cabinet. This might mean that invincible locks are not used in corporations. A corporation might require that any invincible physical locks be used in series, so the corp can get into the files if the first lock stays locked. That doesn't seem wrong to me; and in meatspace two locks in series is obvious and no compromise is made to either lock's design.
Sounds fair to me. See above. What companies or individuals do is their concern, not mine, and not government's. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.