[Chaos CD]
[Datenschleuder] [64]    International Crypto News
[Gescannte Version] [ -- ] [ ++ ] [Suchen]  

 

International Crypto News

"Key Recovery and Export Licensing Proposal" von Netscape
Amended Version 0.9 - February 19, 1997
DRAFT - Netscape Confidential
[By hand:] (Netscape counsel agreed with release.)

INTRODUCTION: This is a proposal from Netscape Communications Corporation regarding key recovery features in its client and server products. A business timeline is included.

EXECUTIVE SUMMARY: The key recovery proposal consists of two separate parts. The first part addresses the secure mail (S/MIME) keys (and keys for other local applications) and the second part addresses the SSL keys and related issues. Where possible, Netscape plans to offer voluntary recovery features for some encryption private keys. Corporate customers can define their own key recovery policies. They may decide to require key recovery for email applications as well as any other application that stores encrypted files on local or network disks.

Support for escrow of encryption private keys may be achieved as follows: Netscape client and server products offer Certificate Authorities the capability to only issue a certificate after the private key has been escrowed with an entity chosen by the Intranet administrator for security policy. The certificate will indicate that the corresponding private key has been escrowed. The proposed plan for SSL does not use explicit escrow for SSL keys at the client or the server sides. Rather, since SSL only encrypts data between the client and the server such that the decrypted data is available on the server (and clients in some cases), other entities can obtain the data from the server directly in the case access to the plain text data is needed.

The main point stressed here is that key recovery is useful for applications that enable storage of encrypted data and should be offered (as an optional feature) in a product line, but may not actually provide the desired result in some other applications. A plan that attempts to escrow all keys under all scenarios is perhaps too general and will face issues with scalability, distribution and legal issues with the escrowed private keys.

[...]
[http://www.jya.com/nscp-foia.htm]

 

  [Chaos CD]
[Datenschleuder] [64]    International Crypto News
[Gescannte Version] [ -- ] [ ++ ] [Suchen]