Date: Thu, 7 Sep 1995 13:09:03 -0800
From: cman@communities.com (Douglas Barnes)
One good (non-cypherpunk) argument against GAK is that it concentrates a very large quantity of valuable keys in a few places, where they become an extremely attractive target for government or corporate espionage.
[...]
Note that a few million keys would fit very easily on even a low-end DAT tape (easily hidden in a pack of cigarettes).
The same danger happens with the TIS DRC (see the company web page), even though there is no key escrow in the TIS system. Instead, the emergency access field (Data Recovery Field (DRF)) is stored with the file -- but the key which encrypts it is the public key of the Data Recovery Center (DRC). If too much attractive stuff is available by loss of any one public key, that key gets attacked. To compensate for this, the TIS DRC generates new public keys periodically to give out to new (or old) customers. However, a government warrant which demands the DRC's private key collection would gain quite a harvest.

+--------------------------------------------------------------------------+
|Carl M. Ellison     cme@tis.com     http://www.clark.net/pub/cme/home.html|
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD 21738              Tel:(301)854-6889 FAX:(301)854-5363        |
+--------------------------------------------------------------------------+