-----Original Message-----
From: David Hayes <[EMAIL PROTECTED]>
Date: Tuesday, November 17, 1998 12:55 AM
>At 10:56 AM 11/13/98 +0100, Ian BROWN wrote:
>> [description of UK's OFTEL plan to license CAs and require that they
>> escrow any encryption keys they certify.]
>>
>>Oh, and CAs aren't allowed to be licensed for certifying signature-only keys
>>but unlicensed for certifying encryption-capable keys.
>
>Sounds like a CA could avoid a significant paperwork load by simply
>declaring (and enforcing) a policy that it would only certify
>signature-only keys.
>
>Or am I missing something obvious here?
Especially considering that, if providing the unescrowed encryption keys
should prove a good business, the same shareholders could establish a
separate, unlicensed sister organization managed at arm's length... This is
a second way of circumventing those restrictions, the first one being
writing software that does not honor the "sign-only" flag and uses the
signature certs to authenticate ephemeral sessions.
Enzo