1997-10-23 - Re: PGP Employee on MKR

Header Data

From: mark@unicorn.com
To: cypherpunks@cyberpass.net
Message Hash: ef193cc7ae650a189d4d269932b29c50f8dfc636ea811e790e30b7a995db2d89
Message ID: <877607579.27586.193.133.230.33@unicorn.com>
Reply To: N/A
UTC Datetime: 1997-10-23 11:57:04 UTC
Raw Date: Thu, 23 Oct 1997 19:57:04 +0800

Raw message

From: mark@unicorn.com
Date: Thu, 23 Oct 1997 19:57:04 +0800
To: cypherpunks@cyberpass.net
Subject: Re: PGP Employee on MKR
Message-ID: <877607579.27586.193.133.230.33@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain




[Resent because god-damned Netscape screwed up the line-breaks]

A PGP Employee wrote:
>> Unfortunately these people just don't get it. Corporations refused
>> to buy 5.0 because it did not have any way for the corps to get at
>> email encrypted to their employees. There are some very legitimate
>> uses of this, such as when an employee dies and someone else has
>> to take over for them.

No, PGP Inc 'just don't get it'. I'm sure that there are plenty of people
out there who disagree with the entire concept of CMR, and I'm not very
happy with it myself. But that's not the most important issue here.

Since this point just doesn't seem to get through to PGP Inc employees, 
I'm going to shout.

FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT IS ONE STEP 
AWAY FROM GAK. FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT 
IS ONE STEP AWAY FROM GAK! FORCING ENCRYPTION TO MULTIPLE KEYS FOR 
ONE RECIPIENT IS ONE STEP AWAY FROM GAK!! FORCING ENCRYPTION TO 
MULTIPLE KEYS FOR ONE RECIPIENT IS ONE STEP AWAY FROM GAK!! 
!!!*FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT IS ONE 
STEP AWAY FROM GAK*!!!

Is that clear enough? Do you understand what I (and, apparently, Adam 
Back and others) am saying now? The problem is not so much with the fact 
that you're supporting company needs, but with the way you're doing so.

>> They also don't seem to realize that you always have the ability
>> to remove the MRK from your list of recipients.

Just as government-supported rating schemes are purely voluntary and 
will be so for, oh, I don't know, a couple of years? Once the infrastructure 
is there, we need only an executive order to make it mandatory. If this 
software ships in its current form and becomes the dominant player in the
market, in four or five years all keys will be GMR keys with the FBI or
NSA as one mandatory recipient. You 'privacy zealots' will have created 
the government's surveillance infrastructure. I hope you'll feel proud.

>> Sometimes I really feel like screaming at these people. _All_ of
>> the developers at PGP are personal privacy zealots and no one
>> likes the idea of the MRK. 

Good. Then reimplement it to avoid giving the government a GAK/GMR
infrastructure. Yesterday I posted a modified version of PGP's CMR to
the cypherpunks list which can't be used for GAK because it only 
encrypts to one key; Jon Callas just told me I'd 'redesigned PGP 5.5'. 
Cool. I've redesigned PGP 5.5 so that it can't support GAK; in that 
case, please implement it, or accept that you're deliberately choosing 
to support the thugs in governments around the world and have become 
part of the problem.

>> That is why we refuse to make them
>> required. 

Just 'mandatory voluntary' for companies which have your SMTP enforcer
enabled. What's the difference?

>> Most everyone at PGP has
>> internalized personal privacy as a cause (actually most had it
>> before they joined PGP).

So prove it. Stop working on creating a GMR/GAK infrastructure. The 
current PGP CMR system has numerous problems which many people have 
pointed out on the cypherpunks list, and you'd do better to solve 
those problems rather than see them in a major New York Times article 
about '101 Ways PGP 5.5 Harms Company Security'. How long will PGP 
Inc last when it's reputation for providing secure products is in 
tatters, because it chose to release a product which deliberately 
reduced company security and opened them to new threats, rather than 
redesign their CMR to remove these problems?

The current CMR implementation is bad for us, bad for PGP Inc's 
commercial customers, and bad for PGP Inc. Why is this so hard for 
you to accept? Why ship a bad product when you can fix the problems?

    Mark






Thread