Alex Alten (Andrade@ix.netcom.com)
Sat, 28 Mar 1998 19:07:07 -0800
At 06:51 PM 3/26/98 -0500, Lewis McCarthy wrote:
>Hi,
>
>> passwords, and give the private key to the system administrator? Does
>> a sysadmin have the right to view any document created on a company's
>> computer?
>
>We've been lax lately, but legal discussions like this are really
>off-topic for CodherPlunks. There are a heap of other lists and
>newsgroups where these topics _are_ appropriate. Don't discuss this
>here.
This is exactly why I like to subscribe to CodherPlunks.
However having said that, I would really like to see more
discussion of key management, including key escrow, from a
technical view, trying to solve practical problems. Most
people think of it as 3rd party key escrow, but this is
just one type, and probably the most cumbersome one.
The more I examine this controversial technique the
more I realize how useful it is. For example PIN management
in electronic funds transfer networks is probably one
of the most elegant key management system in practical
use today. Whom among us has not been touched by the impact
of banking via ATM terminals? Have you ever wondered how
the PIN's are managed to protect both the user's and the
banks from fraud? PIN's are the electronic signature
of the banking industry. Because the underlying cryptography
is DES it means that the keys must be escrowed in some
manner within the secured databases of a bank. Key management
and escrow are just tools to be mastered, just as many of us
have mastered the intricacies of using block ciphers, public
keys, etc.
- Alex
-- Alex Alten Andrade@Netcom.Com P.O. Box 11406 Pleasanton, CA 94588 USA (510) 417-0159
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:23 ADT