CDR: Re: Zero Knowledge changes business model (press release)

Wed Nov 1 13:53:09 PST 2000

At 4:20 PM -0500 11/1/00, Eric Murray wrote:
>On Wed, Nov 01, 2000 at 03:56:56PM -0500, David Honig wrote:
>
>  > Are there equivalent methods which don't use escrowed keys, which I
>  > am unaware of? 
>
>I beleive it was Eric Hughes who at a Cypherpunks meeting about four
>years ago, said "the solution isn't key escrow, it's document escrow".
>Which makes sense- a business doesn't (or shouldn't) allow employees
>to keep a single copy of an important document on their hard drive.
>It should be replicated in other known places in case of disaster (drive
>failure, stolen computer, employee hit by bus, etc).  Just because
>documents are encrypted doesn't mean that this practice is abandoned.
>
>One can envision a system where there's a corporate "document czar" who
>is regularly given docs from various employees and who then encrypts them
>in his own key.  When and where the docs get decrypted is determined by
>corporate policies.  No key escrow required.

Exactly.

A pity we can't easily draw pictures here in mailinglistspace. If we 
were at a blackboard, we could easily see that the issue of 
encryption is clearly partitioned thusly:

* Alice's files, stored on her local computer or file repository. 
Maybe in plaintext, maybe in encrypted form.

* Files in transit between Alice's site and Bob's site. These should 
at the very least be link-encrypted, and possibly end-to-end 
encrypted with PKS tools. Forward secrecy is also good, so that the 
transit keys can't be recovered.

* And then of course the files at Bob's computer, in plaintext or encrypted.

Or, more simply, files at sites and files in transit.

Alice may have partners or bosses who have rules about how she leaves 
the files on her machine, encrypted or not encrypted, backed-up or 
not backed-up. But her storage is SEPARABLE from files in transit.

>
>I don't know of any existing system like this, but formal corporate
>document control isn't my field.
>

There are companies doing exactly this kind of document control for 
large and small companies, for hospitals, for schools, etc. They 
offer services for back ups to vaults and repositories, for key 
control, for distribution, and tools for collaboration. Mentor, 
Oracle, Adobe, and many others are in this market.

If ZKS plans to enter this market, good luck to them.

--Tim May

-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.