ietf-openpgp

Re: CMR

1997-11-22 08:08:57
Black Unicorn wrote:

> Which is why, as part of a general document destruction and retention
> policy, you cycle the CMR key every year (or other period), securely delete
> the old secret key, and thus kill all the "tobacco memos."

The problem with this, as Adam and others have pointed out, is that you
have different storage requirements for different types of material.
Regulatory bodies may require certain materials to be stored for say 7
years. Other types of material may need to be securely wiped ASAP.

This means that you need different CMR keys for different purposes. But
how do you implement this properly using CMR? Say I work for such a
company. Which CMR request should be on my general-purpose public key?

Kent Crispin wrote:

> Of course, this is a problem intrinsic to either CMR or CKE.  You are in
> precisely the same trouble with key escrow -- they save the mail, then
> demand the escrowed key via court order.

You're right, if it is simple CKE. However, following Adam's
GAK-resistant design principles, the escrow should be done as close to
the user as possible. So to take Microsoft's example: these dynamite
messages should have ONLY been encrypted to the message recipient. Once
the recipient received and decrypted the message, if it was necessary to
store it, they would then encrypt it with the company escrow key. This
escrowed storage copy would remain physically inside the organisation -
no competitor or regulatory body could have intercepted and stored a
copy. If the organisation wished to securely wipe the data, it could do
so knowing that no-one else could have intercepted the copy. And since
the recipient used Forward Secrecy ;-), by the time the courts came to
demand the recipient's private key so they can decrypt their intercepted
and stored message, said private key would have been long ago securely
wiped.

Ian.
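A toy model of the flow described in this post, added here as an illustration and not code from the thread or from any OpenPGP implementation: the message is encrypted only to the recipient, the recipient re-encrypts the storage copy under an escrow key chosen by retention class, and destroying one class's key (or the recipient's own key) makes exactly that material unrecoverable while the rest stays readable. The retention classes, the sample memo text and the stdlib SHAKE-256 keystream with an HMAC tag (standing in for OpenPGP so it runs offline) are all assumptions of this example.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Toy stream cipher: SHAKE-256 of key||nonce; stands in for OpenPGP here
    return hashlib.shake_256(key + nonce).digest(n)

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class EscrowStore:
    """One escrow key per retention class (assumed classes); the store never
    sees the wire copy, only what the recipient re-encrypts after reading."""
    def __init__(self, classes):
        self.keys = {c: os.urandom(32) for c in classes}
        self.records = []                      # (retention_class, blob)

    def archive(self, plaintext, retention_class):
        self.records.append((retention_class, encrypt(self.keys[retention_class], plaintext)))
    def destroy_class(self, retention_class):
        # Securely deleting the class key is what "kills the tobacco memos"
        del self.keys[retention_class]
    def recover(self):
        # None marks records whose class key no longer exists
        return [decrypt(self.keys[c], b) if c in self.keys else None
                for c, b in self.records]

def scenario():
    """Runs the flow from the post; returns (recovered, intercepted_wire_copy)."""
    recipient_key = os.urandom(32)             # message encrypted ONLY to recipient
    wire = encrypt(recipient_key, b"dynamite memo")   # constructed sample
    intercepted = wire                         # an outsider keeps a copy in transit
    msg = decrypt(recipient_key, wire)         # recipient reads it ...
    store = EscrowStore(["7-year", "wipe-asap"])
    store.archive(msg, "wipe-asap")            # ... and escrows the storage copy
    store.archive(b"regulatory filing", "7-year")
    del recipient_key                          # forward secrecy: key wiped after use
    store.destroy_class("wipe-asap")           # retention period over
    return store.recover(), intercepted
```

After `scenario()` the intercepted wire copy is useless to anyone holding only the escrow keys, and the wiped class is gone even for the organisation itself.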
