In article <[log in to unmask]>, Adrian
Midgley <[log in to unmask]> writes
>A repository of keys with somebody we genuinely trust may be a useful
>thing - one willl occasionally be faced with a partner who has lost the
>key to his encrypted patient records and expects one to sort it out,
>and on a larger scale it may be desirable to have _the option_ of
>saving a spare key in th ebank, and better than one of those magnetic
>boxes under th echassis, or the computer equivalent, a sticky note on
>the monitor.
I would need a lot of convincing that there is really ever any reason to
allow one's private key into anyone else's possession - especially for
signing. There are ways of getting around lost keys without needing to
resort to a remote third party - like for example having a spare key, or
a "lock" that can be undone by a combination of several other users'
keys - but not by any one alone. I guess that this will ultimately come
down to what you mean by "genuinely trust" - would be happier to trust
my partners than A** M*d*t*l or any other otherwise trusted supplier.
Should we actually ramp up our use of PGP5 just to make Ewan's point?
If everyone and anyone in the world (Internet has no borders) has access
to PGP why stop law abiding citizens from making legitimate use whilst
having no way of stopping International Crime Inc.
--
John Williams
Email: [log in to unmask]
Fax: 01483 440928
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|