Garth Wallace wrote: > > "Frank Hecker" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Garth Wallace wrote: > > > > > The government could just require that CAs give them a copy > > > of all public keys. > > > > I think you meant "The government could just require that CAs give them > > a copy of all private keys." > > Bleh. That's what I meant, sorry. I'm a little unclear on the > terminology--I thought "private key" meant methods like > DES.
And not all CAs even keep the private keys. Usually the keys are generated by the person asking for the certificate and only the public key key is sent in the certificate request. This holds also for some smartcard factories, where the keys are generated on the cards themselves, and _never_ leave the card (and the cards are manufactured as to prevent this altogether.) Which has its drawbacks: guess what happens when you encrypt your harddisk with such a card and then lose this card? Any terrorist/criminal can create two identical CD's (or DVD's) with random data and use them as keys for onetimepad-encryption. The algorithm has been around since 1917 and digital-tapes, disks etc. for long enough. Simple and as secure as it gets. (Ok, maybe some biometric authentication on a smart card for unlocking the CD would make it more secure) My point being that the only people that suffer from cryptolimitations are the ones that don't have anything to hide. Mikael Himanka
