1997-10-24 - Re: PGP Employee on MKR

Header Data

From: mark@unicorn.com
To: whgiii@invweb.net
Message Hash: 0b464ce0aec592cab021bb544cb1af26296d6af61b8a8e72db3174e9a707e98b
Message ID: <877698834.17691.193.133.230.33@unicorn.com>
Reply To: N/A
UTC Datetime: 1997-10-24 13:25:52 UTC
Raw Date: Fri, 24 Oct 1997 21:25:52 +0800

Raw message

From: mark@unicorn.com
Date: Fri, 24 Oct 1997 21:25:52 +0800
To: whgiii@invweb.net
Subject: Re: PGP Employee on MKR
Message-ID: <877698834.17691.193.133.230.33@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



whgiii@invweb.net wrote:

> No their system does not. For what the FBI and NSA want much more needs to
> be done.

Really? Read the message I sent after that one. Let's suppose it's 2007,
PGP have 99% of the crypto market. CMR compatibility is incorporated into 
all their products. 

The FBI announce that from today all Internet providers must support PGP
SMTP enforcers on all mail passing across their links, and block all other
SMTP connections. Regardless of whether your mail is spooled on your ISP's
hard disk, it will always pass through their link. All encrypted mail must
now be encrypted to the FBI's key as well as the end user's key or it will
bounce.

So, tell me why "much more needs to be done". Tell me again why this
can't be implemented. The only reason it *can* be implemented is that
PGP build the feature into their software.

> Not to mention that *ANY* crypto system can be turned into GAK if
> the FBI & NSA get congress to pass the laws that they want.

Yes, but PGP WANT TO BUILD THIS INTO EVERY SYSTEM THEY SELL!!!!! I don't
care that any Perl hacker can write a script which builds CMR into PGP
2.6.2, because those scripts are restricted to those who wish to use
them. PGP ARE BUILDING THE FUNCTIONALITY INTO EVERY PRODUCT THEY SELL!!!!

How hard is this to grasp?

> What PGP Inc. did was provide what their *customers* , you know the ones
> that pay their bills and keep them in business, wanted in a timely fashion
> with little modification to their current code while circumventing some of
> the more draconian requests.

Really? Did their customers ask specifically for PGP's flawed CMR
implementation, or did they actually say things like 'Well, we want to
be able to recover mail if someone dies or leaves the company'? If it's
the latter, don't you think that PGP should take responsibility for
implementing it in such a GAK-friendly way?

You seem be repeating the other pro-PGP mantra 'oh, you're not thinking
of the company's point of view'. I certainly am, which is why I want to
see that they get the best, most secure system without any GAK-friendly
features.

Here's a quick example of how cool CMR is... let's suppose that 
loser@foo-bah.com upsets a customer and is working for a CMR corporation.
Mr Irate Customer downloads some of that kiddie porn that we're told is
all over the Net, and encrypts it to loser@foo-bah.com, but doesn't
encrypt it to the company key. Mr Irate Customer mails hundreds of these
images to loser@foo-bah.com. Their system bounces them. The security
personnel at foo-bah.com notice all these bounces and snarf some of the
messages.

The security personell take these messages to Mr Loser, and force him to
decrypt them. Shock, horror, what a hideous, insane pervert Mr Loser must
be to be receiving all these messages. Mr Loser is handed over to the cops
and taken away. He might not go to jail, but he'll lose his job.

With a more rational implementation Mr Loser would receive the messages
and see that they're obscene, and immediately report them to the security
personnel who could track down the sender. But when the security personnel
find them first, they immediately assume that Mr Loser asked for them.

Now, if you want to be able to get people sacked, this is cool. If you
work for a company with CMR, this is really bad. It is also unneccesary.

> >These are the important questions we should be asking and noone on the
> >pro-PGP side seems interested in answering them. Why?
> 
> They have been answered time and time again, you just have not been
> interested in listening.

They have not. All we've heard are 'oh, don't worry, it can't happen,
be happy' assurances with no basis in fact. Is it any wonder we aren't
listening? 

> If this is such a life and death issue why don't you and some of the other
> Cypherpunks Philosopher Kings get off your armchair quarterbacking write,
> test, debug, and *market* your superior system??

Duh, because PGP has name recognition, and because by the time it was
finished they'd already have a large part of the market. But note: I'll
be very surprised if PGP CMR gets into the OpenPGP spec. Which means that
any other compliant implementation of PGP will not be compatible with
CMR. 

> Perhaps because the majority of the "PGP Inc is evil" crowd
> here couldn't make a buck in the business world if their lives depended on
> it.

Oh sure, ad hominem, ad hominem. What the hell do you think I do all
day? Why the hell do you think I'm spending so much time trying to show
people what CMR's problems are when I could be making money?

> I also find it interesting how there is "much weeping gnashing of teeth"
> over PGP 5.5 , which does nothing that couldn't be done with 2.6, while
> Netscape, RSA and the S/MIME crowd put weak crypto on every desktop??

Better weak crypto than GAK. Key-lengths can be increased, government
surveillance infrastructure cannot easily be removed.

    Mark






Thread