(I've changed the list from coderpunks to cypherpunks, as this is getting off-topic for the former list.) At 12:48 AM -0500 9/17/97, Black Unicorn wrote:
This brings up interesting coding implications. What is a "cryptographic product" and to what extent can key generation be seperated from the definition. To what extent do we want it to be?
I would say that a "cryptographic product" is any [insert patent lawyer language here] that can be used to encrypt or decrypt a message, and a "key" (the thing you escrow) is the mechanism by which a message is converted between plaintext and encrypted text. (Note, then, that I am including both halves of a public key pair.) By this, admittedly devil's advocate, reasoning, the sender would have to escrow the actual session key, not just the private key that the receiver uses to recover the session key. After all, if you use PGP to encrypt a message using a public key -- and don't possess the corresponding private key -- you couldn't read your own message, but my reading of the law is that the government still must have immediate access to the plaintext. Martin Minow minow@apple.com