So, what crypto legislation (if any) is necessary?

Bill Frantz frantz at netcom.com
Mon Mar 25 20:16:45 PST 1996


At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:
>Obviously things get more complicated when a private key or set of keys "is
>one's identity." That is, at some future time, when a key or set of keys is
>literally the key to one's identity, then this document is no longer "just
>another document." A law enforcement agency or court that obtains these
>keys could do much damage, beyond just the matter being investigated or
>tried in court. The release of the key cannot be undone. A thorny problem.

This is precisely the problem Certificate Revocation Lists and Certificate
Expiration Dates address.  There seems very little reason to subpoena a
persons signing key, only decryption keys.  If future software uses
separate keys for these two functions, then there may be minimal danger. 
(With PGP, it should be sufficient to provide the IDEA keys for the
messages in question, leaving the secret key still secret.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA








More information about the cypherpunks-legacy mailing list