CDR: Re: Zero Knowledge changes business model (press release)

Eric Murray ericm at lne.com
Wed Nov 1 13:20:31 PST 2000


On Wed, Nov 01, 2000 at 03:56:56PM -0500, David Honig wrote:
> 
> At 12:13 PM 10/31/00 -0500, Tim May wrote:
> >How about:
> >
> >-- no key escrow, no split keys, no trusted third parties
> 
> I don't see any way around the fact that some companies will want to have
> key escrow of some form for employees who disappear, e.g., car accident,
> pickpocket stole the key-carrier, etc.  I think companies will want this
> because of the risks of financial damage to the company.
> 
> Although it's hazardous if done wrong [cf recent PGP problems], is
> tarnished by the Fedz/Denning/etc, and might have no use in a personal
> privacy tool (your diary dies with you), isn't it too dogmatic to rule out
> key escrow for tools intended for use by groups? 
> 
> Are there equivalent methods which don't use escrowed keys, which I
> am unaware of?  

I believe it was Eric Hughes who, at a Cypherpunks meeting about four
years ago, said "the solution isn't key escrow, it's document escrow".
Which makes sense - a business doesn't (or shouldn't) allow employees
to keep a single copy of an important document on their hard drive.
It should be replicated in other known places in case of disaster (drive
failure, stolen computer, employee hit by bus, etc).  Just because
documents are encrypted doesn't mean that this practice is abandoned.

One can envision a system where there's a corporate "document czar" who
is regularly given docs from various employees and who then encrypts them
in his own key.  When and where the docs get decrypted is determined by
corporate policies.  No key escrow required.

I don't know of any existing system like this, but formal corporate
document control isn't my field.

-- 
  Eric Murray           Consulting Security Architect         SecureDesign LLC
  http://www.securedesignllc.com                            PGP keyid:E03F65E5
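
A minimal sketch of the document-escrow idea from the message above, added as an illustration and not part of the original post or any existing product. It assumes a variation in which each deposit is sealed directly to the escrow officer's public key (RSA-OAEP wrapping a one-time AES-256-GCM key), so no employee key is ever escrowed; the names `Deposit`, `Escrow`, `Recover` and `NewOfficerKey` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Deposit holds the wrapped one-time key+nonce and the AES-GCM sealed body.
type Deposit struct{ Wrapped, Body []byte }

// NewOfficerKey creates the escrow officer's key pair (hypothetical helper).
func NewOfficerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// aead builds AES-256-GCM; callers always pass 32 bytes, so no error can occur.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// Escrow seals a copy of doc for the officer. No employee key is involved.
func Escrow(officer *rsa.PublicKey, doc []byte) (Deposit, error) {
	buf := make([]byte, 44) // 32-byte AES key followed by 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Deposit{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, officer, buf, nil)
	return Deposit{wrapped, aead(buf[:32]).Seal(nil, buf[32:], doc, nil)}, err
}

// Recover is run by the officer when corporate policy allows release.
func Recover(officer *rsa.PrivateKey, d Deposit) ([]byte, error) {
	buf, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, officer, d.Wrapped, nil)
	if err != nil || len(buf) != 44 {
		return nil, errors.New("deposit was not sealed to this officer key")
	}
	return aead(buf[:32]).Open(nil, buf[32:], d.Body, nil) // fails if body was altered
}

func main() {
	officer, _ := NewOfficerKey()
	d, _ := Escrow(&officer.PublicKey, []byte("constructed sample: Q3 contract draft"))
	doc, err := Recover(officer, d)
	fmt.Println(string(doc), err)
}
```

The employee's own working copy can stay encrypted under a key only the employee holds; losing that key costs nothing as long as the deposit exists.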





