ietf-openpgp

Re: proposal: commercial data recovery

1997-10-14 09:08:07
At 2:37 AM -0700 10/14/97, Adam Back wrote:
...
2. second crypto recipients on encrypted communications are not
  used to allow access to third parties who are not messaging
  recipients manually selected by the sender
...

Included in 2) is the principle of not re-transmitting over
communication channels keys or data re-encrypted to third parties
after receipt -- that is just structuring -- and violates design
principle 2.

This requirement tries to enforce something which cannot be enforced by
technical means.  That is, when you send another person some data, there is
no technical way you can prevent them from using it however they want.  For
example, a user can always program his filters (given something like
procmail) to send decrypted data anywhere he wants.

The idea that you can control what users do with data through technical means
is the most common flaw I see when people think about security.


N.B. I applaud Adam's direction of building the data recovery businesses
need without helping 3rd parties engage in undetected snooping.  Keeping
the decryption keys (if data is not stored in the clear) near the
legitimate copies seems to be a useful step in this direction.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz(_at_)netcom(_dot_)com | nation it is today.        | Los Gatos, CA 95032, USA