1997-10-23 - Re: PGP 5.5 CMR/GAK: a possible solution

Header Data

From: Tim May <tcmay@got.net>
To: mark@unicorn.com
Message Hash: 0ba9c300aa9dc2318bb88f72182b5c05d9ba8fe812afb7569185b49ab1c024da
Message ID: <v03102802b07532e9d880@[207.167.93.63]>
Reply To: <877615176.6781.193.133.230.33@unicorn.com>
UTC Datetime: 1997-10-23 17:17:07 UTC
Raw Date: Fri, 24 Oct 1997 01:17:07 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Fri, 24 Oct 1997 01:17:07 +0800
To: mark@unicorn.com
Subject: Re: PGP 5.5 CMR/GAK: a possible solution
In-Reply-To: <877615176.6781.193.133.230.33@unicorn.com>
Message-ID: <v03102802b07532e9d880@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 6:59 AM -0700 10/23/97, mark@unicorn.com wrote:
>tcmay@got.net wrote:
>
>> Our mileages apparently vary. When _I_ send a message to, say, Jon Callas
>> at PGP, Inc., it is to Jon Callas, not to others. It might be a job offer,
>> it might be an invitation for him to help monkeywrench CMR, it might be a
>> stock tip, it might be a comment about a conversation we had at a party, it
>> might be a lot of things.
>
>Hmm, as usual, you make a good point. The uses I was thinking of were the
>kind of uses that people have suggested as reasons for CMR; emailing orders,
>etc to companies. Today I rarely do that because telephoning companies is
>much easier, and in the future I'd expect to be sending most of them over
>the Web rather than by email. I presume these *are* the kind of uses that
>PGP Inc are expecting, since their system seems to have no other value
>except as snoopware.

And things like purchase orders, contract negotiations, etc., are best
handled by storing in plaintext. Communications security is just that:
_communications_ security, not storage security.

These sorts of items--purchase orders, etc.--will likely exist on employee
machines in plaintext. Or encrypted to the storage key the employee is
using.

(Will PGP for Business deal with this reality in any meaningful way? This
is the real "disaster planning" scenario, that Joe Employee's 4 GB hard
drive is either fully encrypted, or is filled with encrypted files. With
the increasing use of "open landscaping" in offices, machine security in
cubicles is probably more important than communications security. At Intel
I used to find my machines had sometimes been played with by the nighttime
shift....and I'd find sandwich wrappers and Coke cans in my trashcan, and
crumbs, indicating that some swing or graveyard shift worker had used my
office as his own little lunchroom. Were I still working, I'd certainly be
encrypting my files against casual snooping. Or even industrial espionage
snooping. And I wouldn't be using my communications key!)


>> If I was sending it to "Jon's coworkers in Department Z," I probably either
>> wouldn't encrypt it at all, or would (if the option existed) encrypt to
>> some departmental or group key.
>
>Yep, which is basically what I was suggesting. The user chooses which key
>to use based on their perception of the sensitivity of the message, not
>the enforced company policy. If it's confidential, it's confidential; if
>the company think I'm up to no good they can come around and force me to
>decrypt a particular message, or sack me if I refuse. Their call.

I agree, but this doesn't seem to be the way PGP 5.5 and its Policy
Enforcer will work. Users (senders from outside, like me) will not have the
options you describe. My private message to Jon Callas will not get through
to him unless I also encrypt to the Security Department's CMR key...and
they may have some interesting questions for him about the content of my
message!

(Yes, as always, companies have the right to demand pretty much anything
they please. No debate there. What we're arguing is the wisdom, on multiple
fronts, of PGP, Inc. building in Big Brother like this.)


>Ditto, at least if it's PGP's current 'mandatory voluntary' snoopware
>design. I won't be running any version of PGP which includes this
>'feature' in its current form; I would also suggest that we boycott any
>scanning and proofreading efforts for future versions of PGP which include
>this code, or remove it from the source before release. If PGP's commercial
>customers lose business as a result, that's their choice.

I think a boycott of PGP's products is a distinct possibility, from what
I'm hearing.

--Tim May


The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."







