What has really changed ...

Nicholas Bohm nbohm at ernest.net
Thu, 12 Aug 1999 12:28:49 +0100


At 09:50 AM 8/12/1999 +0100, Brian Gladman wrote:

[snip]

>We also have to be careful to understand how encryption is being used to
>support e-commerce.  We understand many of the issues when it is being used
>for authentication and for message protection in transit but when it is used
>on end systems to protect stored data there are still many unknowns.  This
>is an area where there is still much to do in balancing cryptographic data
>protection with the need for data access.  The relationships between
>database management, cryptographic key management and access control are
>very difficult issues that are in many respects still unsolved.
>
>For these reasons I am convinced that the most fruitful immediate uses of
>cryptography lie in end-to-end data protection and in the authentication of
>end systems in open networks.   The cryptographic protection of data on the
>end systems themselves is a nightmare that will prove very painful for
>companies and for consumers that are silly enough to get involved in this
>before the huge technical and legal issues are better understood.

I very much agree with Brian.  And for most business communication
purposes, messages need to be encrypted between systems, not inside them:
the model that makes most sense is that the sending system automatically
encrypts all outgoing messages under the public keys of the addressee
systems (when known), and uses its own system private key to decrypt all
incoming messages for internal circulation as plaintext.  If encryption of
stored data is required, it is handled quite separately.

Fears about staff concealing data, or people's executors being unable to
administer estates, are just eyewash.

Staff can fail to record phone calls, or file letters in the wrong place or
lose them, and cause mayhem in dozens of ways.  The answer is training,
checking, and, in a word, management.  Once you get into key recovery,
you're building yourself a problem, not a solution.  You might as well
require all staff to provide duplicate sets of their housekeys, in case
they take office documents home before leaving on holiday.

Nobody has a duty to leave any particular information for his executors,
and the tidiness of people's records varies, to put it mildly.  Executors
seem to manage.  At the moment, banks and insurance companies send out
reams of paper, so most people have far more in the way of records of
assets than most ever want.  By the time this all turns electronic and
encryptable, which won't be soon, the banks and insurance companies will
have built themselves record systems from which they can answer executors'
enquiries (indeed they do fairly well as it is).

I wouldn't lose too much sleep as a CA who didn't keep a private key at the
thought of being sued by executors who found encrypted data.  First,
because I don't think a court would find there was any duty to do more than
advise the user to keep a backup of the private key.  Secondly, how would
the executors establish a loss arising out of their not having access to
data the value of whose contents is by definition unknowable?  Users who
leave files on their PC called "where I hid the gold bars.pgp" are just as
likely to be exercising their sense of humour as hiding the map, and
perhaps more so.

Regards,

Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 871272	(+44 1279 871272)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF
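The system-to-system model Bohm describes above (the sending system encrypts every outgoing message under the addressee system's public key when it has one, the receiving system decrypts with its own system private key and circulates plaintext internally, and nobody needs to recover an individual's key) as an added example in Go. This is not code from the original post or from either correspondent. It assumes a hypothetical Gateway type holding one organisation-owned X25519 key plus a per-domain directory of other systems' public keys, an ephemeral sender key per message, AES-256-GCM for the body with the addressing bound in as associated data, and SHA-256 standing in for a proper KDF; the domains and addresses are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Gateway is one organisation's mail system (hypothetical type): a single
// system-level X25519 key owned by the organisation, not by any employee,
// plus a directory of the public keys of the other systems it knows about.
type Gateway struct {
	Domain    string
	priv      *ecdh.PrivateKey
	Directory map[string]*ecdh.PublicKey // domain -> that system's public key
}

// Envelope is what travels between systems.
type Envelope struct {
	To, From  string
	Encrypted bool
	EphemPub  []byte // sender's one-time X25519 public key (empty if plaintext)
	Nonce     []byte
	Body      []byte // ciphertext, or plaintext when the recipient's key is unknown
}

func NewGateway(domain string) (*Gateway, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &Gateway{Domain: domain, priv: priv, Directory: map[string]*ecdh.PublicKey{}}, nil
}

func (g *Gateway) PublicKey() *ecdh.PublicKey { return g.priv.PublicKey() }

// aeadFor derives the per-message AES-256-GCM key from the X25519 shared secret.
// Assumption: SHA-256 over a label, the secret and both public keys stands in for HKDF.
func aeadFor(shared, ephemPub, recipPub []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write([]byte("gateway-v1")); h.Write(shared); h.Write(ephemPub); h.Write(recipPub)
	block, err := aes.NewCipher(h.Sum(nil)) // 32-byte digest selects AES-256
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Send encrypts an outgoing message under the addressee system's public key when
// the directory has one; otherwise the message leaves in the clear, flagged as such.
func (g *Gateway) Send(from, to string, plaintext []byte) (Envelope, error) {
	_, dom, ok := strings.Cut(to, "@")
	if !ok { return Envelope{}, fmt.Errorf("bad address %q", to) }
	env := Envelope{To: to, From: from}
	recip, known := g.Directory[dom]
	if !known { // the "(when known)" case: no key for that system
		env.Body = append([]byte(nil), plaintext...)
		return env, nil
	}
	ephem, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return Envelope{}, err }
	shared, err := ephem.ECDH(recip)
	if err != nil { return Envelope{}, err }
	aead, err := aeadFor(shared, ephem.PublicKey().Bytes(), recip.Bytes())
	if err != nil { return Envelope{}, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return Envelope{}, err }
	// The addressing is bound in as associated data, so a relay cannot
	// re-address a sealed message without the receiver noticing.
	env.Encrypted, env.EphemPub, env.Nonce = true, ephem.PublicKey().Bytes(), nonce
	env.Body = aead.Seal(nil, nonce, plaintext, []byte(from+"\x00"+to))
	return env, nil
}

// Receive decrypts with the system private key and returns plaintext for internal
// circulation. No per-user key is involved, so a departing employee changes nothing here.
func (g *Gateway) Receive(env Envelope) ([]byte, error) {
	if _, dom, ok := strings.Cut(env.To, "@"); !ok || dom != g.Domain {
		return nil, fmt.Errorf("envelope for %q delivered to %s", env.To, g.Domain)
	}
	if !env.Encrypted { return env.Body, nil }
	ephem, err := ecdh.X25519().NewPublicKey(env.EphemPub)
	if err != nil { return nil, err }
	shared, err := g.priv.ECDH(ephem)
	if err != nil { return nil, err }
	aead, err := aeadFor(shared, env.EphemPub, g.PublicKey().Bytes())
	if err != nil { return nil, err }
	pt, err := aead.Open(nil, env.Nonce, env.Body, []byte(env.From+"\x00"+env.To))
	if err != nil { return nil, fmt.Errorf("decryption failed: wrong system key or tampered envelope") }
	return pt, nil
}

func main() { // constructed demo domains and addresses
	acme, _ := NewGateway("acme.example")
	bank, _ := NewGateway("bank.example")
	acme.Directory[bank.Domain] = bank.PublicKey()
	env, _ := acme.Send("alice@acme.example", "bob@bank.example", []byte("invoice 42 approved"))
	pt, err := bank.Receive(env)
	fmt.Printf("encrypted=%v plaintext=%q err=%v\n", env.Encrypted, pt, err)
}
```

The point the example makes concrete is where the private key lives: in Receive it is the organisation's system key, so the message is plaintext once inside the boundary and there is nothing to "recover" from an individual. If stored data on the end system also needs protecting, that is a separate key and a separate mechanism, exactly as the post says. A production gateway would replace the SHA-256 derivation with HKDF and would need a real way to learn and verify other systems' public keys; the directory here is filled in by hand.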