> All that occurs additionally is that a Data
> Recovery Field (DRF) is created for the user and each receiver (each
> firewall in a Global Virtual Private Network) in stronger cryptography than
> the message itself. The DRF contains this same session key and a unique
> user identifier, all encrypted with the public key of a Data Recovery
> Center (DRC). The DRF is tagged with a plaintext identifier for the DRC.
> It is NEVER sent to the DRC.
I am missing something here. What prevents the sender from filling in
the DRF with random gibberish? Nobody would ever know until someone
tries to recover the key. If you allow me to import your system
outside the US, I will give it a false DRC public key, and the system
will work just fine, except the CIA won't be able to "recover" my
message. I don't see why politely asking terrorists to encrypt their
keys into every message will satisfy the US government's goals.
What am I missing?
CRI - Batiment 211 Telephone : +33/1/69 41 61 06
Universite de Paris-Sud Fax : +33/1/69 41 69 86
91405 Orsay Cedex Email : Nicolas .