From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 24 Oct 1997 23:35:59 +0800
To: shamrock@cypherpunks.to
Subject: Re: PGP Employee on MKR
In-Reply-To: <Pine.BSF.3.96.971023211502.3688C-100000@pakastelohi.cypherpunks.to>
Message-ID: <199710241447.PAA01552@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Lucky Green <shamrock@cypherpunks.to> writes:
> I have watched this silly debate for some time now. PGP pulled an
> awsome hack on corporate America, bringing strong crypto to
> thousands of corporate drones, while Cypherpunks, the crypto elite,
> seems incapable of reponding with anything other than to engage in
> frenzied mutual masturbation fueld by GAK fantasies.

Lucky, all we're saying is that there are better ways to do it.  What
is so difficult with that?

We didn't say: "don't have disaster recovery for stored data."  (Well
I didn't and I don't think Mark did either).

We just said: "make it is diffcult as possible to abuse for GAK while
you're designing it".

> This is sad. Very sad.

If you want to get into the debate, at least start making some
specific points criticizing the obvious alternatives:

"corporate key escrow is better than commercial message recovery"

This is so because CKE requires access to the data.  CMR doesn't, the
recovery info goes over the wire.

You of all people I would have thought would see this one clearly, it
was only a few weeks ago you were arguing that the "key escrow"
argument of the Fed's was a fallacy becuase people wouldn't be using
their comms keys to encrypt stored data.  (Or something along those
lines).  Same thing here, just applied to corporate environments.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`