RIP FOR INDIVIDUAL RIGHTS: HOME OFFICE RESPONSE TO UKCRYPTO
Padgett 0sirius
padgett at gdi.net
Fri, 17 Mar 2000 20:18:07 -0500
Can give a "real world" example which will be interesting to see in practise:
Fortune 100 company "A" has only one means to retrieve individual keys: the
following four executive offices must agree - CEO or DCEO, CISO or DCISO,
CIO or DCIO, and CLO or DCLO. (Executive Office, Information Security
Office, Information Office (is separate from CISO), and Legal Office).
In other words, no one organization will be able to retrieve the key. In
order to retrive (without going to the key user) those corporate elements
that policy requires to be notified, must be notified for the key or keys
to be retrieved.
A. Padgett Peterson, P.E., CISSP: Cybernetic Psychophysicist
Anti-Virus, Cryptographics, & Antique Radio Researcher
http://www.freivald.org/~padgett/index.html
mailto:padgett@gdi.net PGP 6.5 Key on request