From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 4 Nov 1997 08:11:50 +0800
To: jon@pgp.com
Subject: CMR/ARR revisited
In-Reply-To: <3.0.3.32.19971103115159.0894a320@mail.pgp.com>
Message-ID: <199711032338.XAA02005@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Jon Callas suggests that CMR has been discussed vigorously.  What was
the outcome?

Here's a short summary of a more secure and less politically
controversial alternative to CMR:

1. Escrow employee company use encryption keys.
2. Don't escrow employee personal use encryption keys.
3. Don't escrow employee company use signature keys.

As pgp5 packet format already supports multiple encryption sub keys
attached to signature keys, all that has to be done to support the
above is to put comments in the userID to say what purpose the keys
are for:

Jon Callas <jon@pgp.com> (personal use)
Jon Callas <jon@pgp.com> (company use)

Provide support in the business verion of the software to escrow the
company use key.  Provide support for both company use and personal
use keys.  If some companies want to disallow personal use, you might
consider adding this feature.


The above is already provided for without CMR/ARR.

CMR/ARR fields add political and security risks, so why bother?


So what is PGP Inc's position on the future of CMR?

Is it going to be phased out?

Is it going in the OpenPGP standard?

Are there any security, privacy or political objections to local
escrow?

Enciphering minds want to know...

Adam