From: mark@unicorn.com
To: stewarts@ix.netcom.com
Message Hash: 528ff2fe74330907b79d7e665d9298f5b58bbd391b83cc9aecb9a590195184bd
Message ID: <878219801.29664.193.133.230.33@unicorn.com>
Reply To: N/A
UTC Datetime: 1997-10-30 14:00:49 UTC
Raw Date: Thu, 30 Oct 1997 22:00:49 +0800
Subject: Re: PGP Employee on MKR
I wrote:
> stewarts@ix.netcom.com wrote:
>
> > Not true - you can't implement CMR without a mail enforcer unless
> > you can stop your employees from using non-CMR versions of PGP,
> > which is nearly impossible.
>
> No, you can't enforce corporate snooping without a mail enforcer. You can
> meet the corporate demands which PGP claim to be supporting without a
> mail enforcer. There's a difference.

Actually, that's not entirely true. My suggested CMR replacement will
work happily with non-CMR versions of PGP; they would simply encrypt to
the default key, regardless of whether that was a group key or an
individual's key. Hence the corporation can choose how non-CMR versions
will interact by choosing whether to make the group key or the individual
key the default choice. This even gives users an incentive to upgrade,
rather than the current disincentive to downgrade to snoopware.

Of course it still doesn't enforce snooping, since you could just
separate the individual key from the default group key and encrypt to
that.

Mark