CDR: Re: Zero Knowledge changes business model (press release)
Tim May
tcmay at got.net
Wed Nov 1 13:34:34 PST 2000
At 3:56 PM -0500 11/1/00, David Honig wrote:
>At 12:13 PM 10/31/00 -0500, Tim May wrote:
>>How about:
>>
>>-- no key escrow, no split keys, no trusted third parties
>
>I don't see any way around the fact that some companies will want to have
>key escrow of some form for employees who disappear, e.g., car accident,
>pickpocket stole the key-carrier, etc. I think companies will want this
>because of the risks of financial damage to the company.
Indeed, and this is a very good use for company attorneys! Or other
company officers.
If one is concerned that the company lawyer will use the key
improperly, split the key. Or place it in a fireproof safe with
dual-key access, then distribute the physical keys suitably.
Or, more simply, drop the disks with the spare keys in an envelope,
seal it, and place it in the safe of the company officers or
attorneys. Off site, split, whatever.
This is an old problem, solved long ago.
I'm sure there is some role for privately-arranged (that is, not
government-required) holding of critical keys, just as there is for
critical documents stored in old mercury mines (as Intel did at the
old New Almaden Mine in the Santa Cruz Mountains). As I said,
well-solved.
>
>Although its hazardous if done wrong [cf recent PGP problems], is
>tarnished by the Fedz/Denning/etc, and might have no use in a personal
>privacy tool (your diary dies with you), isn't it too dogmatic to rule out
>key escrow for tools intended for use by groups?
I've never said there is *no* role for safe alternate storage of
keys. See above, and se my past comments on legitimate use of backup
options. Most of us likely use some form of key backup.
Building in transparent key escrow with "trusted third parties" is
dangerous, however. Remember that the British model for "trusted
third parties" did not include free choice of who those third parties
were, but, rather, were limited to Officially Approved TTPs.
The whole approach of the Authorities has been to mandate access to
encrypted data. The ZKS plan speaks of regulatory conformance...this
is what is inimical to our goals.
>
>Strong crypto means the employee can put an invincible lock on the
>corporate file cabinet. This might mean that invincible locks are
>not used in corporations. A corporation might require that any
>invincible physical locks be used in series, so the corp can get into the
>files if the first lock stays locked. That doesn't seem wrong
>to me; and in meatspace two locks in series is obvious and no compromise
>is made to either lock's design.
Sounds fair to me. See above. What companies or individuals do is
their concern, not mine, and not government's.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
More information about the cypherpunks-legacy
mailing list