From: Tim May <tcmay@got.net>
To: Lucky Green <aba@dcs.ex.ac.uk>
Message Hash: 0ec32985c573c41cb7e5ce3a7edecf42c909dcbde9d4d6eb3193249c7511638b
Message ID: <v03102803b069f989d978@[207.167.93.63]>
Reply To: <199710150138.CAA09580@server.test.net>
UTC Datetime: 1997-10-15 05:13:00 UTC
Raw Date: Wed, 15 Oct 1997 13:13:00 +0800
From: Tim May <tcmay@got.net>
Date: Wed, 15 Oct 1997 13:13:00 +0800
To: Lucky Green <aba@dcs.ex.ac.uk>
Subject: Re: Just say "No" to key recovery concerns...keep OpenPGP pure
In-Reply-To: <199710150138.CAA09580@server.test.net>
Message-ID: <v03102803b069f989d978@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain
I'll try a different way of making my points...
At 9:12 PM -0700 10/14/97, Lucky Green wrote:
>I can't help but see a difference between enforcing to encrypt to a
>default key and storing the user's key outright. IMHO, the former entails
>less potential for abuse.
All other things being equal, maybe the former is slightly less intrusive
than the latter. But maybe not even this, as the two give the same results.
After all, what's the real difference between "all mail, incoming and
outgoing, must also be encrypted to a CMR key" and "you must deposit a copy
of your key with us"?
And things are most definitely not equal, in the "all other things being
equal" sense.
To wit, with the "storing a user's key outright" approach, if thousands of
companies and whatnot are doing this, there will be a mishmash, a welter,
of confusing, conflicting, byzantine arrangements. Some employees will
store their mandated spare keys in the department safe, some will put them
in "open upon my death" envelopes, some will "forget" to update the files
with their latest keys, and so on.
With this chaotic and anarchic approach, of "let a thousand solutions
bloom," Big Brother will have the devil of a time forcing GAK/GMR
(_Government_ Message Recovery_). It's essentially the chaotic, anarchic,
non-system being used today. (And I've seen little evidence corporations
are collapsing; as noted in several messages, very few pieces of e-mail are
terribly critical, and even fewer can't be recovered from local files...the
market for CMR is for law enforcement and e-mail snoopers.)
By contrast, a CMR system BUILT INTO PGP (!) will potentially become
widespread, especially if support of the non-CMR-compliant version
languishes. Or, God forbid, CMR is mandated (perhaps by "Standard
Accounting Practices" sorts of pseudo-mandates).
I'll take the chaotic and anarchic solution.
And no matter how "elegant" PGP Inc.'s solution is--which I reserve
judgement on, not having studied in as much detail as, say, Adam Back
has--no matter how "elegant," it is still building a dangerous tool for
surveillance into a widely-deployed product.
--Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^2,976,221 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Return to October 1997
Return to “Zooko Journeyman <zooko@xs4all.nl>”