gstv.staff deletion
Va...@gstv.staff
o To Safeguard Your Privacy
* "Clinton's Encryption Plan Fits Law and Market"
* Letters to the Editor, Mickey Kantor, U.S. Secretary of Commerce, 10/9/96
*
* Users may need a "spare key" to recover information that is lost or
* otherwise inaccessible, in much the same way that we give a trusted
* neighbor a spare key to our house...and the U.S. will have that key.
The government says in case you lose you own decryption key,
they will be there to save the day with their LE key. (Key Recovery
has a 'Law Enforcement' key, which is a SECOND key to decrypt the
same traffic.)
Without getting into a lot of technical detail, basically,
the LE KEY = Your Key.
So, because they have a separate but equivalent key, they are claiming
to be your emergency backup key, like a key left with a neighbor.
People who have no idea how computer systems work will
think like that sounds like a reasonable thing.
Like a "good faith attempt to balance...".
Now picture it being YOUR business.
You have a cryptographic key that needs to be protected.
The key itself is a big number you can't memorize.
The key itself is protected by a (MD5-like) password to
unlock access to it. That means the password can be as long
a thing as you'd like to type in, not merely a short password.
As long as you can remember it.
This is standard...MIT's Kerberos and Phil Zimmerman's PGP
use a password to unlock the cryptographic key.
So, how do you back up the key without GAK?
In other words, what do all companies do for this situation now?
A situation that applies to all company data whether or not it is encrypted.
A situation that has existed since the in
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.6.0
OJ4Sh4/Px+08jixaf6oBqkZrmPGkBdnO/sBFlLDsNZVUmGtUNWTsDqRXWjdw/JAb
OfM1155PvP1iA6jojRBw5471iqteC29q3eatnKXu4xxQiEoTsNBF1N5etZkn7ZZ0
F3++YB2k3T2K209zutWL6iPPBKESqJxvgvPPyVO29tYB8jn1Q3hAvGMsELVIcVeK
9xatatEpmpoM6dbvpZqvlTf1xzL0KzlfXBjxP5==
=9OA0
-----END PGP SIGNATURE-----