In message Thu, 7 Dec 95 16:27:23 EST, cme@acm.org writes:

It could be even worse. I was on a panel last year with Scott Charney (sp?) (I believe from DoJ) during which he commented that if you give your secret key to anyone -- e.g., your own company -- then you have given up the presumption of privacy.

Interesting. At the NIST meeting, criteria #5 deals with decrypting a conversation with only the key from one end. I thought that would be hard to implement. But during the discussion, they called on Miles Smid [sp?] who was obviously a NIST employee/consultant with real knowledge. He suggested that you could encrypt the session key with the public key of both parties, and send it along. This would allow single ended GAK. This is not far from the idea that CME proposed that the NSA/FBI/CIA publish public keys, and we'll hack a voluntary version of PGP that encrypts the session key with the LEA public key -- instant voluntary Key Escrow. Miles Smid's idea seemed reasonable, until you realize that he intends you to escrow your private key... Pat Pat Farrell Grad Student http://www.isse.gmu.edu/students/pfarrell Info. Systems & Software Engineering, George Mason University, Fairfax, VA PGP key available on homepage #include <standard.disclaimer>