From: Toto <toto@sk.sympatico.ca>
Date: Sun, 19 Oct 1997 06:15:29 +0800
To: Kent Crispin <kent@bywater.songbird.com>
Subject: Re: Is PGP still private?
In-Reply-To: <3.0.3.32.19971017170704.009de630@mail.pgp.com>
Message-ID: <3449311A.1F0E@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain



Kent Crispin wrote:

> On Sat, Oct 18, 1997 at 08:48:56AM +0100, Adam Back wrote:
> > My reasoning is this: as PGP Inc can not justify expense on such
> > developments, my CDR proposal would be much safer for them to
> > implement because it requires no steganography support, or other
> > privacy patches to provide protection against abuse of the software
> > for uses other than PGP Inc's designers intentions.
 
> You keep talking as if your CDR proposal is other than vaporware.  So
> far as I have seen you don't have a proposal, you have a wish.

  Given Adam's many accomplishments in the arena of CypherPunks issues,
I find it hard to make a case for his discussion in this area to be
mere mental masturbation.
  'Democracy in America' is also vaporware--always has been, always 
will be--but I see no reason we should not go on discussing it and 
hoping that we will not having to keep pushing the release date of the
finished product back, time and time again.
 
> [...]
> 
> > > You are in error. The only time that you are forced to use CMR is when (1)
> > > you share the CMRK with the other party AND (2) the strict flag is set. In
> > > all other cases, you can opt-out, on a message-by-message basis.

> Adam, it is a complete and utter waste of time to debate this.

  I agree. I think that we should just wait until someone comes out
with an actual product, and then castigate them for their ideas being
"ill-thought out." 

> What would *not* be a waste of time would be more concrete proposals.
> Whether PGP implements something is a separate question -- I would
> like to get back to the question of designing a better email
> encryption system.
> 
> Your reencryption scheme fails because of the management of the short
> term encryption keys, among other things.  Here's another approach I
> will toss out, without thinking through:
> 
> How about formalizing superencryption, or tunneling? That is, treat
> CMR traffic as a transport medium for messages that are themselves
> already encrypted.  The "key" idea here is to allow layering of non
> CMR traffic over CMR traffic.  All the code for both is obviously
> already in PGP, with a little glue and perhaps some minor protocol
> mods...

  In return for your positive suggestions, the CDR Board of Dirctors
has voted to allow you two posts containg cheap shots at the list
member of your choice, without including any points of redeeming,
on-topic, list value.

Toto
~~~~
"The Xenix Chainsaw Massacre"
http://bureau42.base.org/public/xenix
"WebWorld & the Mythical Circle of Eunuchs"
http://bureau42.base.org/public/webworld
"InfoWar"
http://bureau42.base.org/public/infowar3
"The Final Frontier"
http://www3.sk.sympatico.ca/carljohn