U> From: 74076.1041@CompuServe.COM (Hal) U> This proposal to register keys was also mentioned in the U> July, 1992 Communications of the ACM, in an article by Ron U> Rivest, one of the creators of the RSA algorithm. He was U> solution based on 'escrowed secret keys' might be U> workable, wherein each user is legally required to depost U> his or her secret key with a trusted third party, such as U> the user's bank. Actually this sounds signifigantly different from what Denning is allegedly proposing. This method is analogous to the way FFL (Federal Firearm License) holders record transactions of gun sales (I have an FFL). FFL holders are required to record, in detail, each transaction based upon gun serial number/description, and to/from addresses (buy/sell). The FFL holder maintains the records; the feds dont' get a copy. If a gun is used in a crime, the feds go to the manufacturer, and follow the audit trail of FFL records to follow that guns travels. This is *completely* different than a centralized gun database, where a hypothetical they can compile cross indices based upon oh say name or address or whatever. The third party escrow method puts the same sort of restraint upon searches. I'm not saying I particulary like the method, it's just that it's qualitatively different. The BATF cannot rummage through the audit trail of FFL records, they can only follow the forward/backward pointers per gun. Rivest seems to imply there could be many, independent key-escrow locations. A hypothetical we could form our own key escrow, and while we'd be subject to whatever the hypothetical they would require for access, we could probably do things ilke inform members of all key accesses/inquiries, etc. In short, it bothers me a lot less than Dennings. --- ReadMail * Origin: World Power Systems / FidoNews / San Francisco CA (1:125/111) -- Tom Jennings - via FidoNet node 1:125/555 UUCP: ...!uunet!hoptoad!kumr!fidogate!111!Tom.Jennings INTERNET: Tom.Jennings@f111.n125.z1.FIDONET.ORG