[Top] [All Lists]

Re: Just say NO to key escrow or CMR/ARR revisited

1997-11-04 20:29:47
On Tue, Nov 04, 1997 at 09:02:31PM +0000, Ian Brown wrote:

Building a key escrow system would do exactly the same thing. Putting in
place the infrastructure for automated enterprise wide key escrow to a
corporate key would mean building a technology infrastructure at exactly
the same risk. A government could just as easily say, "Thou shalt escrow
to the FBI key and send it to central storage" as they could corrupt CMR
to say "Thou shalt encrypt to the FBI key."
I'm not sure what you mean by 'central storage'. If you mean a backup
server within an organisation, this means the FBI still has to gain
physical access to the encrypted data. With CMR, the data is likely to
be sent across an insecure network so the FBI could access it easily.

This is the crux of the argument.

A completely bogus crux.  In *both cases* we are talking about
encrypted email.  Therefore, in both cases we are talking about data
sent across an insecure network.  Therefore, in both cases the FBI has
access to the ciphertext.  In either case, data that doesn't get sent 
across an insecure network is not the issue.

Forward secrecy in email is an orthogonal issue to CMR/key escrow.


A properly designed escrow system
would require the keys to be physically handed over by the organisation
to the NSA. Regardless of how easy this step may be, it would hinder
fishing and leave some kind of audit trail - unlike CMR.

You are not making any sense here.  CMR doesn't automatically give 
keys to anyone.

Kent Crispin                            "No reason to get excited",
kent(_at_)songbird(_dot_)com                    the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55