Scaling issues

The key escrow systems proposed by governments to date all appear to be highly centralised. The DTI proposals, for example, state that a licensed TTP must offer the full range of services from key management to timestamping, while the actual requirements of all the many distributed systems with which I have been involved over many years are for more specialised and diverse trust services.

The requirement for centralisation was made explicit at a meeting held on the 27th June at the IEE to clarify the initial announcement of an intention to legislate. Officials from GCHQ, the MoD and the DTI explained that large companies should be licensed to manage their own keys (the example given was Shell), while individuals and small to medium-sized enterprises would be compelled to have their keys managed by licensed third parties, which were expected to be companies like clearing banks and BT.

Such centralisation is probably unavoidable if surreptitious key recovery is the overriding constraint on system design, but has many unpleasant effects on the design of systems to suit real commercial and professional requirements.

Ross Anderson
Tue Oct 21 11:00:05 BST 1997