IBE has the key escrow
problem that the PKG could see any message because all private keys used in decryption are generated by it.
In this paper, we propose a practical approach to solving key escrow
problem of P2MIBBE.
More importantly, it does not suffer from certificate management burden and key escrow
1, which, as proposed, continued restrictions on exported encryption technology to enforce mandatory key escrow
The amended EAR regulations allow licenses for: (1) mass market distribution after a one-time review if the technology incorporates 40-bit or less key lengths;(67) (2) products that incorporate key escrow
and key recovery processes, provided the Bureau of Export Administration ("BXA") approves the process;(68) and (3) products that do not incorporate key escrow
or key recovery processes, provided (i) no greater than 56-bit key length, and (ii) the company submits a business plan that details the steps that will be taken within two years to incorporate key recovery into all future exported products.
Privacy advocates are skeptical of the impact government-supported key escrow
will have on their personal privacy.
The key escrow
encryption initiative is enshrouded in controversy.
Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA), would permit unlimited domestic use of any encryption product and prohibit the federal government from imposing a key escrow
system (designed to allow government access to encrypted material).
Cullinan added that the speculation was ironic since Microsoft has consistently opposed the various key escrow
proposals suggested by the government "because we don't believe they are good for consumers, the industry or national security.
On the subject of key escrow
, which would provide security services with a back-door to confidential communications, the report said: "We can see no benefits arising from Government promotion of key escrow
or key recovery technology.
Schiller (MIT), Bruce Schneier (Counterpane Systems), and I - issued a report "The Risks of Key Recovery, Key Escrow
, and Trusted Third-Party Encryption" May 27, 1997 (see http://www.