At 4:11 PM 5/28/96 -0400, Carl Ellison wrote:

There were a number of flaws in that paper, but perhaps the most glaring to me is that there are actually 3 classes of key:

the two you mentioned: communications key storage key and signature key

Of these, you want key recovery *only* for storage keys. You want to make sure no one can get to your signature key. Even the IWG paper notes that. But the only use for a PKI of any form is for a signature key. Once you have your identity established somehow for a signature key, you can generate and sign comm or storage keys at will. Furthermore, if you lose a signature key, there's no big loss. You generate a new one and get a new cert for it. So there's *NEVER* a reason for key recovery for a signature key -- the only keys for which there is a need for a PKI.

Carl is right. They want to GAK all keys including signature keys. Now think, to whom in your life are you willing to grant unlimited power of attorney? Your spouse? Your lawyer? Your banker? Your employer? Your government? Giving away your signature key is worse. Not only can any key holder act FOR you, he can act AS you. "We've got you cold perp. You signed this child porn that was posted to alt.binary.etc. You can make your calls from jail." Who needs entrapment. ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA