GAK

[cme at acm.org]

>Date: Fri, 8 Sep 1995 17:58:57 -0800
>From: cman at communities.com (Douglas Barnes)
>
>
>>
>>If too much attractive stuff is available by loss of any one public key,
>>that key gets attacked.  To compensate for this, the TIS DRC generates new
>>public keys periodically to give out to new (or old) customers.
>>
>>However, a government warrant which demands the DRC's private key collection
>>would gain quite a harvest.
>
>The economics of the situation seem to dictate that whether you have
>one key or N keys, it's going to be cheaper to subvert the escrow agent
>(you guys or whoever) than it is to brute-force even one key. 

You're right, of course.  That's why I, personally, would trust my key
backup only to (k of n) TIS DRCs in Earth orbit or farther out.

>You may feel very comfortable with the personnel and procedures you
>have in place now, ....

People keep assuming that TIS will run a commercial DRC.  We do not plan
to.  We did the design and will sell DRC hardware and security consulting
(physical, policy, ...) to companies wanting to set up their own for
internal use.  That's the only mass DRC market we envision.  This could
change, but that's the current plan.

Meanwhile, the real question is GAK -- whether the DRC you choose to use
goes along with it or not.  You might check my home page for my views on
GAK.  It is possible to have a Corporation running a DRC which refuses to
play along with GAK.  They won't be blessed for attachment to exportable
crypto, most likely, but it's entirely possible for this to exist.  Tim May
may run one, for example.  (I'd still want it to be in orbit.)

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison    cme at acm.org    http://www.clark.net/pub/cme/home.html  |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
|  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
+----------------------------------------------------------- Jean Ellison -+