On Fri, Jun 03, 2005 at 12:12:31AM -0400, Thierry Moreau wrote: | Here is a suggestion for an encrypted data exception based on reasonable | key management principles: | | -------------------- | | Sec xyz) The [breach notification requirement set forth in section ...] | does not apply to [breached data portions] for which the following | conditions are demonstrably met: | | a) the [breached data portion] is in an encrypted form using an | encryption algorithm and an encryption key that can be shown to be | [resistant / comptatible or equivalent to NIST recommended practice for | encrypting classified data], | | b) the said encryption key has always been under the sole control of the | [data originator], | | c) the [data originator] is in a position to retire every copy of the | said encryption key from operations, and | | d) the [data originator] takes all resaonable steps to so retire every | copy of the said encryption key from operations as soon as the [data | breach event] is known to [the data originator], and completes such | retirement within [a delay e.g. the same delay as for notification]. | | The evidence that conditions a) to d) are met shall be [kept for auditor | review / filed with an incident report otherwise mandated] | | -------------------- | | Is that actually a reasonable key management principle?
No. If I get your database with SQL injection, all conditions are met, and I have your plaintext. But, the data is in an encrypted form, and you're saved. Adam | Is it possible the the US law-makers adopt such sensible approaches? | | -- | | - Thierry Moreau | | CONNOTECH Experts-conseils inc. | 9130 Place de Montgolfier | Montreal, Qc | Canada H2M 2A1 | | Tel.: (514)385-5691 | Fax: (514)385-5900 | | web site: http://www.connotech.com | e-mail: [EMAIL PROTECTED] | | | --------------------------------------------------------------------- | The Cryptography Mailing List | Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]