software escrow

[Dave Farber <farber () central cis upenn edu>]

Posted-Date: Wed, 29 Mar 1995 08:45:37 -0500
To: farber () central cis upenn edu (Dave Farber)
Cc: steve () tis com
Subject: Re: software escrow 
Date: Wed, 29 Mar 1995 08:44:30 -0500
From: Stephen Walker <steve () tis com>




>  I have heard from a usually reliable source that the Administration is
> about to unveil (in the next month or so) Version 2.0 of key-escrow that is
> based on Walker's software key escrow approach.  Anyone know anything about
> what's going
> on  here?


TIS has been working with various folks in industry and government to promote
a voluntary, private sector owned and operated commercial key escrow (CKE) 
system, run by corporations and other organizations for their own use in 
emergency recovery of lost encryption keys. (See our Jan 3 paper on CKE in an
earlier message to IP).


We have a demonstration version of a Data Recovery Center up on the Internet
and are working with software vendors to add CKE client software to their
applications. 


Our discussions with the government have been aimed at obtaining export approval
for applications that use encryption such as DES when combined with CKE. I have
been told by some in government that some form of announcement concerning this 
may be forthcoming sometime in the future. 


Some may chose to view this as "the Administration ... unveil(ing) Version 2.0 
of key-escrow".  If it is our approach that is being discussed, TIS CKE is a
private sector initiative to provide a valuable service to individuals and 
organizations which, if it were to become widely deployed, might also
benefit law 
enforcement interests as a side effect. 


For more information, contact us at cke () tis com.


Steve Walker