I remember running into a case where there was a system in place that worked somewhat like an encrypted CVS system. There was a central document czar, like you said, and when he left, the company realized how foolish it was to put a single employee in charge of the key. So then (not seeming to have truly learned from their mistakes) they gave copies of the new private key to members of the executive team. Then an executive left. I will not soon forget hearing of thousands of pages of documentation being systematically decrypted with the old key, and re-encrypted with a new key. The process apparently took quite an amount of time. I also remember my squeamishness about the fact that the CVS-like system was designed to encrypt and decrypt on the fly based on some cheesy authentication, so as to provide a way to maintain this system without having to talk to the key holders every time you needed to make a change. The entire system was a big messy nightmare, and when considered carefully, really didn't provide much in the way of security. It would have been much easier for them to put a system in place that required multiple people to sign off on a document for it to be encrypted or decrypted. I took a lot of notes at the time on how I thought this sort of system could be implemented... I should dig it up and see what I was thinking. ok, Rush -----Original Message----- X-Loop: openpgp.net From: Eric Murray [mailto:ericm@lne.com] Sent: Wednesday, November 01, 2000 3:21 PM To: Multiple recipients of list Subject: Re: Zero Knowledge changes business model (press release) On Wed, Nov 01, 2000 at 03:56:56PM -0500, David Honig wrote:

At 12:13 PM 10/31/00 -0500, Tim May wrote:

...

How about:

-- no key escrow, no split keys, no trusted third parties

I don't see any way around the fact that some companies will want to have key escrow of some form for employees who disappear, e.g., car accident, pickpocket stole the key-carrier, etc. I think companies will want this because of the risks of financial damage to the company.

Although its hazardous if done wrong [cf recent PGP problems], is tarnished by the Fedz/Denning/etc, and might have no use in a personal privacy tool (your diary dies with you), isn't it too dogmatic to rule out key escrow for tools intended for use by groups?

Are there equivalent methods which don't use escrowed keys, which I am unaware of?

I beleive it was Eric Hughes who at a Cypherpunks meeting about four years ago, said "the solution isn't key escrow, it's document escrow". Which makes sense- a business doesn't (or shouldn't) allow employees to keep a single copy of an important document on their hard drive. It should be replicated in other known places in case of disaster (drive failure, stolen computer, employee hit by bus, etc). Just because documents are encrypted doesn't mean that this practice is abandoned. One can envision a system where there's a corporate "document czar" who is regularly given docs from various employees and who then encrypts them in his own key. When and where the docs get decrypted is determined by corporate policies. No key escrow required. I don't know of any existing system like this, but formal corporate document control isn't my field. -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5