On Tue, 26 Jul 1994, Jef Poskanzer wrote:

...

. . . [description of key escrow scheme] I don't see any defense in this description against using someone else's public key. The feds could still decrypt such messages, but wouldn't know who was talking. At least not from the envelope.

That was one of the main objections pointed out by the folks at the Karlsruhe workshop. The solution is to have some component, I forget which but probably the session key, public-key signed with the sender's private key, and have that key include a key certificate signed by the Authorities. Did cause some minor embarassment for the statists, who hadn't apparently noticed it, but works fine. On the other hand, if you lose your wallet and your National ID SmartCard II, which has your signed IsNotACrook Citizen Credentials on it, and your card PIN is still set to 1200 like your VCR, and somebody guesses it, well it's a real shame that you have to get it replaced and change your Security Number. Bill