Re: Will the real PFS please stand up?
Hi Germano,
>Friendly greetings,
> Germano
>
>by the way:
>In my opinion escrowing communicated data is nuts anyway,
>you want key escrow for long term archived data, where
>key owners (and their secrets) may 'get lost'...
I agree, but would like to add that ...
"Key archiving" makes sense for long term archived data and sometimes for
private signature or encryption keys. This allows access to data when keys
are misplaced, or restoration of capabilities when a user forgets or loses
his key.
"Law enforcement escrow" makes sense to agencies that wish to covertly monitor
data being communicated in real time. Law enforcement access to stored data
may be provided by mechanisms that could be described as key archiving or law
enforcement escrow. The IPsec efforts are concerned primarily with the
"real-time" protection of IP datagrams so there should be no confusion within
this committee between the categories of key recovery.
To date, no requirements have been put forward within the IPsec working group
for support of key archiving or law enforcement key escrow.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul Lambert Director of Security Products
Oracle Corporation Phone: (415) 506-0370
500 Oracle Parkway, Box 659410 Fax: (415) 633-2963
Redwood Shores, CA 94065 E-Mail: palamber@us.oracle.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
for a secure time -> send resumes to: palamber@us.oracle.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~