[cryptography] Key escrow 2012

Nico Williams nico at cryptonector.com
Tue Mar 27 13:17:31 EDT 2012

On Tue, Mar 27, 2012 at 5:18 AM, Darren J Moffat
<Darren.Moffat at oracle.com> wrote:
> On 03/26/12 05:54, Nico Williams wrote:
>> I'm with you: key escrow is necessarily dead letter, at least for the
>> time being and the foreseeable future.
> For the purposes of covert surveillance when you don't know in advance all
> the parties I agree.
> However there are other use cases for key escrow that aren't necessarily a
> bad idea or dead and I'm sure you would agree with me.
> For example an escrow system for ensuring you can decrypt data written by
> one of your employees on your companies devices when the employee forgets or
> looses their key material.

Well, the context was specifically the U.S. government wanting key
escrow.  That's not feasible because the national security
establishment will win any fight over this with law enforcement. The
U.S. govt is not a monolythic entity...

As for corporate networks, yes, and often we already have this in the
form of MITM TLS boxes, with users having to install trust anchors for
them.  And, really, for e-mail security needs to be between domains,
not between users, which is roughly equivalent to saying that users
should have no privacy vis-a-vis their mail servers.  But that's
another topic :)


More information about the cryptography mailing list