From: Fisher Mark <FisherM@exch1.indy.tce.com>
Date: Sat, 25 Oct 1997 01:38:44 +0800
To: "'cypherpunks'" <cypherpunks@cyberpass.net>
Subject: RE: PGP Employee on MKR
Message-ID: <2328C77FF9F2D011AE970000F84104A74933D0@indyexch_fddi.indy.tce.com>
MIME-Version: 1.0
Content-Type: text/plain



>> Not to mention that *ANY* crypto system can be turned into GAK if
>> the FBI & NSA get congress to pass the laws that they want.
>
>Yes, but PGP WANT TO BUILD THIS INTO EVERY SYSTEM THEY SELL!!!!! I
don't
>care that any Perl hacker can write a script which builds CMR into PGP
>2.6.2, because those scripts are restricted to those who wish to use
>them. PGP ARE BUILDING THE FUNCTIONALITY INTO EVERY PRODUCT THEY
SELL!!!!

But the changes to add GAK/GMR/CMR to PGP (or any other crypto product
that permits multiple recipients) are close to trivial.  Don't be fooled
into thinking that if PGP takes this "feature" out (can't be a bug --
it's documented :) that that will make it a lot harder to add that
feature back in once the appropriate laws are passed.

Still, in retrospect, PGP's engineers and scientists should have thought
about all the security implications of CMR -- they might have
implemented CDR to begin with.
==========================================================
Mark Leighton Fisher          Thomson Consumer Electronics
fisherm@indy.tce.com          Indianapolis, IN
"Their walls are built of cannon balls, their motto is
'Don't Tread on Me'"