- Newsgroups: sci.crypt
- Path: sparky!uunet!pmafire!news.dell.com!swrinde!emory!sol.ctr.columbia.edu!spool.mu.edu!umn.edu!csus.edu!netcom.com!strnlght
- From: strnlght@netcom.com (David Sternlight)
- Subject: Re: Limits on the Use of Cryptography?
- Message-ID: <1992Nov11.155632.29487@netcom.com>
- Organization: Netcom - Online Communication Services (408 241-9760 guest)
- References: <1992Nov11.061210.9933@cactus.org>
- Date: Wed, 11 Nov 1992 15:56:32 GMT
- Lines: 37
-
-
- Terry Ritter raises the question of the forced discovery of keys AFTER the
- legal system has become engaged. I believe the laws related to discovery
- are quite broad. In a civil suit, for example, either party has the right
- to subpoena any papers of the other they think reasonably relevant. The
- only protection is a suppression order by the judge, on grounds of trade
- secrets, etc. Such an order does not prevent either party from seeing
- the papers, but simply seals them so they cannot be used nor disclosed
- to third parties, except for purposes of the lawsuit.
-
- It would seem to me that one could force the disclosure of keys quite
- easily, given that background. Anyone could, for example, sue someone
- for damages based on some cause, and then use discovery to get
- whatever they want. Of course it's after-the-fact, but it makes
- public key systems particularly vulnerable, since once they have your
- private key (if you don't change it often, or if you don't have classes
- of private keys for different activities), they can read everything.
- Since the whole value of a public key system is to have a single key
- set so people can send encrypted traffic to you, anyone "up to no
- good" would probably more likely use a private key system, with many
- different keys.
-
- Perhaps a smart judge would permit you to furnish plaintext instead of the
- key, though likely not, since you couldn't "prove" that was the real plaintext
- without revealing the private key. Maybe there's a way to authenticate the
- plaintext via signatures, without having to reveal your private key--dunno.
-
- I've always thought the protections in the discovery rules to be very weak.
- Once an adversary party knows confidential (sealed) information, unless
- it's something clean-cut, such as a unique invention that cannot be duplicated
- except via your method, the cat is out of the bag and it's very hard to prove
- disclosure or improper use of sealed information.
-
- --
- David Sternlight
- (pgp 2.0 and ripem public keys available on request)
-
-