Netscape gives in to key escrow
Ray Cromwell
rjc at clark.net
Thu Nov 30 01:29:36 PST 1995
What's the point? Surely Clark must realize that even if Netscape
adds key escrow to SSL/Secure Courier, it is still possible to tunnel
real encryption through that link thus thwarting the escrow system.
In fact, this is the perfect job for Java:
1) Client connects to server thru insecure key-escrow channel and downloads
Java applet
2) Java applet opens new connection to server using "invincible" security
as Clark puts it, and performs add transactions on this channel. In fact,
in the future, a large number of "forms" will be Java applets which
submit information back to the server themselves.
And what about IPSEC ESP? Even if the application layer is weak,
the link layer can more than make up for it.
Now, Netscape has momentum, and if they set a key-escrow standard, there
is a chance of it being adopted widely. However, Java applets and IPSEC
can still make transactions through an insecure netscape payment/encryption
channel.
The genie is out of the bottle.
-Ray
More information about the cypherpunks-legacy
mailing list