1998-11-14 - NAI(L) in PGPs coffin (Re: network associates back in kra)
Header Data
From: Adam Back <aba@dcs.ex.ac.uk>
To: stevem@tightrope.demon.co.uk
Message Hash: 8c9b9dba51073212ed0862a0df9eb00090705f9afedaf085b658b2194be706ce
Message ID: <199811140004.AAA27507@server.eternity.org>
Reply To: <19981113201903.A25115@tightrope.demon.co.uk>
UTC Datetime: 1998-11-14 00:38:03 UTC
Raw Date: Sat, 14 Nov 1998 08:38:03 +0800
Raw message
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 14 Nov 1998 08:38:03 +0800
To: stevem@tightrope.demon.co.uk
Subject: NAI(L) in PGPs coffin (Re: network associates back in kra)
In-Reply-To: <19981113201903.A25115@tightrope.demon.co.uk>
Message-ID: <199811140004.AAA27507@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain
Steve Mynott writes:
> subject says it all
>
> roll on gpg
NAI rejoining KRAP would be something of a gift for any competitors of
PGP producing PGP compabile replacements if there were any serious
contenders.
Or perhaps for S/MIME vendors, if they weren't already mostly KRAP
members, or pretty neutral / prone to be bribed by defense contracts,
and if S/MIME and PKIX weren't so hierarchical in design:
I'm not sure S/MIME based offerings are much of an alternative because
the hierarchical model, and ability of a CA to restrict what the end
user can use keys for (not for certification for example), and
generally inability to use clients without cert obtained from another
KRA member -- verisign, all add up to bad news. The whole mess can be
controlled by GAKkers via the CA, and the CAs are the target for
example of the UK GAK attempt being led by the DTI (Department of
Trade and Industry -- meant to be representing industry, but instead
trying it's level best to put GCHQ / ECHELON interests ahead of
business interests, as acknowledged by DTI winning Privacy
International's hall of shame award.).
To expand briefly on the UK (DTI) current proposal: it seems to be
that they are trying to stack the deck by giving signatures made with
a key certified by a UK government "licensed" CA given better
recognition in law than signatures made by an unlicensed CA. The
licensed CA doesn't have to escrow signatures keys, but if it does and
provides any service relating to confidentiality keys also it must
also keep private keys. (Deliverable to GCHQ / ECHELON within 1 hr 24
hours a day 365 days a year -- GAK on steroids).
Someone on ukcrypto coined the phrase `licensed to leak' to express
the government coerced baggage that goes with a licensed CA.
Indeed roll on the GPG.
Adam
Thread
Return to November 1998
- Return to “Adam Back <aba@dcs.ex.ac.uk>”
- Return to “Max Inux <maxinux@bigfoot.com>”
Return to “Steve Mynott <stevem@tightrope.demon.co.uk>”
- 1998-11-13 (Sat, 14 Nov 1998 05:32:41 +0800) - network associates back in kra - Steve Mynott <stevem@tightrope.demon.co.uk>
- 1998-11-13 (Sat, 14 Nov 1998 07:39:21 +0800) - Re: network associates back in kra - Max Inux <maxinux@bigfoot.com>
- 1998-11-14 (Sat, 14 Nov 1998 08:38:03 +0800) - NAI(L) in PGPs coffin (Re: network associates back in kra) - Adam Back <aba@dcs.ex.ac.uk>