At 11:48 AM 9/7/00 -0700, Ray Dillinger wrote:
>
>On Thu, 7 Sep 2000, Matt Crawford wrote:
>>If it takes the conscious participation of 10 employees to divulge
>>a key when demanded, it will be that much harder to prosecute for
>>"tipping-off".
>
>It's not clear to me how you could set up a situation where one
>employee was able to *use* the key, and access encrypted data,
>but it would still take ten employees to *divulge* it.
The issue is tipping off the key's owner.
If Alice's key is secret-shared among Bob,Carol...Katy,
to subpoena Alice's key, you either need to ask Alice,
which lets Alice know she's a suspect, or else you need to ask
the other 10 people, which you might be able to do quietly.
Alice knows all of Alice's key, so she can use it,
but the other 10 people only know shares of the keys.
Of course, with 10 or 100 shareholders, word will
probably get around to Alice that she or somebody's a suspect.
This is especially effective for signature keys used to
authenticate Diffie-Hellmann key exchanges, because neither method
of obtaining Alice's key lets you decrypt past messages -
it only lets you forge future messages through your Man In The Middle,
so if Alice knows she's a suspect, she can issue new signature keys.
It's much easier to argue in court that confiscating a signature key
is unfair and ineffective and leads to forgery, unlike an encryption key
which might assist the police in their investigations.
(But you can only do that if you're aware that it's being taken.)
A secret-sharing strategy *should* include the company's legal advisors
and upper management, who have a need to know whether the investigation
is likely to divulge legitimate corporate business or
whether it's just about Alice's side activities selling broadswords
to the Scottish Liberation Army.
Also, they have a legitimate corporate need to know that
Alice may be unexpectedly taking a long vacation and that they
should find somebody else to handle her job while she's away.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
