From: "William H. Geiger III" <whgiii@invweb.net>
Date: Thu, 16 Oct 1997 02:46:21 +0800
To: Eli Brandt <eli@gs160.sp.cs.cmu.edu>
Subject: Re: FCPUNX:PGP Key Escrow and Congress
In-Reply-To: <199710151811.LAA23906@toad.com>
Message-ID: <199710151825.OAA20321@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain



In <199710151811.LAA23906@toad.com>, on 10/15/97 
   at 02, Eli Brandt <eli@gs160.sp.cs.cmu.edu> said:

>Bruce Schneier wrote:
>> From: "Barbara Simons" <simons@VNET.IBM.COM>
>>
>> Some of these are old arguments that we've been hearing for a while,
>> but some are newer.  In particular, points 4 and 6 are difficult to
>> refute without getting into some technical details.  Both points also
>> undercut the argument that a key recovery infrastructure potentially
>> weakens security.  After all, the NSA thinks it's secure enough that it
>> can be used by the government.

>Non-technical point: the NSA (reportedly) has no intention of using GAK
>for classified information.  They know that it weakens security.

>Do the privacy of the nation's data and the security of its
>information infrastructure deserve the same consideration as the
>Pentagon's "Confidential" memos?  When you're planning to build in a
>single point of failure, this is a question you have to ask.

There are those of us who see a single point of failure in such
infrastructures as a GoodThing(TM).

-- 
---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                        
---------------------------------------------------------------