At 10:21 PM 5/8/97 -0400, Information Security wrote:
>Key recovery means the information necessary to decrypt
>the message is built into the message.
>The message is cleartext to the government.

You are exaggerating, of course.

>Would it be reasonable to fear that the key recovery implementation
>might become known at a later date to someone other than the government?
>Why use encryption with built-in crackability?
>A company would be totally foolish to use the compromised crypto.

Michael Zboray (an industry analyst at Gartner Group) has been quoted as
saying: "The use of a key recovery system is a mandatory business practice
the deployment of widespread deployment of public key encryption.
The risk of data loss through the loss of private keys can be as damaging
as the loss due to malicious attack."
I agree with him, as do many large corporations. They reason: 1) crypto is
mandatory for privacy in business transactions and 2) the ability of the
organization to recover the key used to encrypt a file is mandatory for

(voice) +1 301-854-5749; (fax) +1 301-854-5363
Web site: http://www.tis.com/
PGP Key: http://www.tis.com/docs/corporate/fredpgp.html
PGP Key fingerprint = 37 6B 35 BB B2 07 BE B7 D5 47 C3 30 4E 39 A2 EE