> You're forgetting the other half of the liability issue, and
> that is the requirement that keys be stored. Using DH, users can
> exchange a key, and then throw away all the information used to
> generate a session key. If this is done, after a conversation ends,
> it can't be read. Forcing a key escrow scheme on top of this raises
> the possibility that a breach in your GAK scheme will make all of your
> historical traffic readable.
Am well aware of that but have business continuity & "due care" needs
that mandate that the corporation be able to read all encrypted messages
which originate within its boundaries unless contractual agreements preclude
or special permission is obtained (whew).
> We can easily get to strong file and message encryption with
> local key recovery using a couple of small modifications to PGP.*
I have the production release of Viacrypt PGP version 4.0 running on
this notebook. It includes capability for a "corporate key". I just need two.
Warmly,
Padgett
ps Belgium ?
pps will someone tell the sique chienet that Sara is happily married (just
saw both of them yesterday).