Re: German Key Usage

[Andreas Berger <aberger@xxxxxxxxxxxxxxxx>]

Friedrichs, Paul wrote:
> 
>      It has become
> 
>      a habit,
> 
>      or "mantra"
> 
> or "Security 101"
> 
> or ...... a religion?
I will not comment. It does not help put credibility to the rest of the
mail.

>      that the only justification for key-escrow applies to
>      data-encryption usage, and never to dig-sig.
True. So we need at least two keys, encryption and authentication.

>      I fear we will now be assaulted with "its ok to have DS-keys
>      escrowed, as long as the NR-bit is not set."
No. 
 
>     This would be stepping on a very slippery slope.
Agreed.

>      The DS/NR separation tends to weaken key-escrow's cage.
> 
> Not if we don't let it. Germany has very strict laws protecting
> individuals' privacy. I don't think they'll slide.
The signature law is only concerned with digital signatures. No
encryption and no authentication (except for mututal autehntication of
smart cards and devices, but this our problem). We are not religious
about out key usage bits. Iff we reach a consesus, the spec could be
changed (especially if we reach agreement with other european
contiries).

> I'm not an advocate of key escrow. I don't even disagree with
> the above assertion. But we should strive to drive technology
> with more than habits and mantras.
That sounds good.

-- 
Fifty-three percent of Fortune 1000 executives think the
Arch Deluxe is something that helps to run a computer.
-- Jericho Communications