From: “Thomas Junker” <tjunker@mail.phoenix.net>
To: Lucky Green <cryptography@c2.net>
Message Hash: 0db5ecbde1f184b34bf09889b172939e049bebe206fccfd86da70a0e92d512a9
Message ID: <199710270843.CAA26524@raid2.fddi.phoenix.net>
Reply To: <199710241425.PAA01534@server.test.net>
UTC Datetime: 1997-10-27 08:39:17 UTC
Raw Date: Mon, 27 Oct 1997 16:39:17 +0800
Subject: Re: Technical Description of PGP 5.5
On 25 Oct 97 at 11:03, Lucky Green wrote:
> At 03:25 PM 10/24/97 +0100, Adam Back wrote:
>
> >If the pgp5.5 functionality is designed to provide companies with a
> >disaster recovery procedure (forgotten passphrase, or dead employee),
> >there are much better ways to do it. We're not arguing against the
> >user requirement, just against the methodology.
>
> There have been numerous proposals on the list to accomplish the above
> goals in a way other than the method employed by PGP. I have read the
> proposals and I am not convinced that said proposals are less intrusive.
> IMO the vast majority of the proposals I saw are more intrusive.

How about *no* recovery, eh? Is that not less intrusive?

Recovery of messages in transit is a complete red herring. Such
messages are not recoverable now except by means that are complete
no-brainers ("Joe, I never got your reply to my request for
blah-blah, did you send it? If so, please resend.") Isn't the mere
fact that such messages might be encrypted both incidental and
inconsequential? Add to that the *fact* that Internet email is
nowhere near as unreliable as so many seem to suggest. The only losses
of email that I've ever seen were attributable to user error or ISP
outage, not to failure of delivery attributable to the network. I've
maintained threads of back and forth email exceeding 600 message
cycles without the thread being broken by failure of a message to
arrive at its intended destination.

Recovery of messages in transit is entirely a snooping issue,
methinks.

Recovery of stored messages and files also seems to me to be a
solution to a largely imaginary problem. As I wrote before, there
are more ways and more likely ways to lose data than through keeping
encrypted files. People live with it. If they wish to address it,
either individually or institutionally, they can do so without
special features in PGP. A feature in mail clients to store the
decrypted message in place of the original would do more to avoid
loss of stored encrypted messages than anything else I've seen
proposed.

This reminds me a lot of the objections of a few to sending EDI
traffic over the Internet. When I proposed this in recent years I
got a wail from some people over the loss of third-party time
stamping and message delivery verification that can occur in the
simpler scenarios of bypassing the cash-cow Value Added Networks.
But, um, didn't everyone print those documents on *paper* and drop
them into USPS *mail boxes* just a few short years ago? What
reliable third party time stamping and message delivery verification
did they have then? Am I mistaken or didn't the entire economy
function on the basis of snail-mailed invoices and other documents?
How on earth did people manage under those primitive circumstances?

How on earth can people manage email and disk files without the
ability to "recover" data that can be lost in a thousand other ways
that no encryption package can protect against? Geez. Let's get
real here.

Regards,
Thomas Junker
tjunker@phoenix.net