On Thu, Mar 29, 2012 at 6:38 PM, Jon Callas <j...@callas.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Mar 29, 2012, at 2:48 PM, mhey...@gmail.com wrote: > >> On Tue, Mar 27, 2012 at 1:17 PM, Nico Williams <n...@cryptonector.com> wrote: >>> On Tue, Mar 27, 2012 at 5:18 AM, Darren J Moffat >>>> >>>> For example an escrow system for ensuring you can decrypt data written by >>>> one of your employees on your companies devices when the employee forgets >>>> or >>>> looses their key material. >>> >>> Well, the context was specifically the U.S. government wanting key >>> escrow. >>> >> Hmm - these are not mutually exclusive. >> >> Back in the mid to late 90s, the last time the U.S. government >> required key escrow for international commerce with larger key sizes, >> they allowed key escrow systems that were controlled completely by the >> company. Specifically, they allowed Trusted Information System's >> RecoverKey product (I worked on this one, still have the shirt, and am >> not aware of any other similar products available at the time - PGP's >> came later and was more onerous to use). >> >> RecoverKey simply wrapped a session key in a corporate public key >> appended to the same session key wrapped with the user's public key. >> If the U.S. Government wanted access to the data, the only thing they >> got was the session key after supplying the key blob and a warrant to >> the corporation in question. The U.S. government even allowed us to >> sell RecoverKey internationally to corporations that kept their >> RecoverKey data recovery centers offshore but agreed to keep them in a >> friendly country. > > I'd have to disagree with you on much of that. > > The US Government never required key escrow for international commerce. > Encrypted data was never restricted, what was restricted was the export of > software etc.... > So, your second sentence disagrees with your first? In the real but rapidly changing world that existed back then, if you wanted to export cryptographic software that used strong keys from the U.S., you needed key escrow. Or, of course, you could publish a book of your source code ;-) (although that wasn't proven legal until 1999). > > Amusingly, I ended up having TIS's RecoverKey under my bailiwick because > Network Associates bought PGPi and then TIS. The revenues from it were > so small that I don't think they even covered marketing material like that > shirt > you had. In a very real sense, it didn't exist as anything more than a > proof-of- > concept that proved the concept was silly. > What do you mean 'had', I still have the shirt!
No argument on the silliness but if the government hadn't relaxed the rules and you had a pile of non-U.S. installations of Microsoft applications (Outlook, IE, and other code using the Microsoft CryptoAPI) and you wanted strong crypto, then RecoverKey was the _only_ option. Now, back then, most internationals were happy with the Microsoft's base cryptographic service provider (512-bit RSA key exchange, 40-bit RC2, 40-bit RC4, DES(-40?)). Deep Crack was changing that but then, probably because of Deep Crack, impending rule changes made RecoverKey almost irrelevant. > > Also, there wasn't a PGP system. The PGP "additional decryption key" is > really what we'd call a "data leak prevention" hook today, but that term > didn't exist then. > I was just using the PGP additional decryption key design as an example of something that used a similar technique of encrypting the session key under more than one public key. As for data leak prevention, that isn't what we other Network Associates employees heard back then. We were told and used the PGP ADK thing as if it would help us when we lost our private keys (along with protecting the company from employees that try to hold data hostage). I remember trying to get company officers to get their key shares together to please please please recover my backup encrypted volume. Alas, I had no success and had to do a few weeks of scrambling to recover the old fashioned way. I admit I was young, naive, and tainted by having worked on RecoverKey where the data recovery center sat in a room with a modem happily waiting for me to recover my own keys. Yes, RecoverKey was never much more than a commercial grade proof-of-concept. But, it was well thought out, satisfied a real, albeit an artificially-created-by-stupid-policy need, and it did work as advertised. ---- -Michael Heyman _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
