[cryptography] Key escrow 2012

mheyman at gmail.com
Thu Mar 29 14:48:06 PDT 2012


On Tue, Mar 27, 2012 at 1:17 PM, Nico Williams <nico at cryptonector.com> wrote:
> On Tue, Mar 27, 2012 at 5:18 AM, Darren J Moffat
>>
>> For example an escrow system for ensuring you can decrypt data written by
>> one of your employees on your company's devices when the employee forgets or
>> loses their key material.
>
> Well, the context was specifically the U.S. government wanting key
> escrow.
>
Hmm - these are not mutually exclusive.

Back in the mid to late 90s, the last time the U.S. government
required key escrow for international commerce with larger key sizes,
they allowed key escrow systems that were controlled completely by the
company. Specifically, they allowed Trusted Information Systems'
RecoverKey product (I worked on this one, still have the shirt, and am
not aware of any other similar products available at the time - PGP's
came later and was more onerous to use).

RecoverKey simply wrapped a session key in a corporate public key
appended to the same session key wrapped with the user's public key.
If the U.S. Government wanted access to the data, the only thing they
got was the session key after supplying the key blob and a warrant to
the corporation in question. The U.S. government even allowed us to
sell RecoverKey internationally to corporations that kept their
RecoverKey data recovery centers offshore but agreed to keep them in a
friendly country.
----
-Michael Heyman
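
Added example, not part of the original message and not RecoverKey's code: a sketch of the dual-wrap scheme the message describes, showing that a session key released by the recovery center opens only the one message it belongs to. RSA-OAEP, AES-256-GCM, and all function and field names are assumptions; the post names no algorithms or blob format.

```javascript
const crypto = require('crypto');

// Assumption: RSA-OAEP and AES-256-GCM stand in for whatever RecoverKey used;
// the post does not name algorithms or a blob format.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Encrypt under a fresh per-message session key, then wrap that key twice:
// once for the user and once for the corporate recovery key.
function seal(plaintext, userPub, corpPub) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    userWrap: crypto.publicEncrypt({ key: userPub, ...OAEP }, sessionKey),
    corpWrap: crypto.publicEncrypt({ key: corpPub, ...OAEP }, sessionKey),
    iv, tag: cipher.getAuthTag(), ciphertext,
  };
}

// Used by the user (userWrap) and by the recovery center (corpWrap).
// The center hands back only this session key, never its private key.
function unwrapSessionKey(wrapped, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Decrypt one message with its session key; throws if the key or data is wrong.
function open(msg, sessionKey) {
  const d = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.ciphertext), d.final()]).toString();
}

// Constructed demo: a released session key opens its own message and no other.
function demo() {
  const user = newKeyPair(), corp = newKeyPair();
  const a = seal('constructed message A', user.publicKey, corp.publicKey);
  const b = seal('constructed message B', user.publicKey, corp.publicKey);
  const released = unwrapSessionKey(a.corpWrap, corp.privateKey);
  let opensOther = true;
  try { open(b, released); } catch (e) { opensOther = false; }
  return { recovered: open(a, released), opensOther };
}
console.log(demo());
```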