From: Ryan Anderson <randerso@ece.eng.wayne.edu>
To: Anonymous <cypherpunks@cyberpass.net
Message Hash: 5988aaafee0856b2ff9f8bc66772dca3cf40e6d2fe897bd01302be55f4fa60dd
Message ID: <3.0.2.32.19971008090442.0070305c@ece.eng.wayne.edu>
Reply To: <36e200bba528c46e3694521079832b77@anon.efga.org>
UTC Datetime: 1997-10-08 13:16:25 UTC
Raw Date: Wed, 8 Oct 1997 21:16:25 +0800
From: Ryan Anderson <randerso@ece.eng.wayne.edu>
Date: Wed, 8 Oct 1997 21:16:25 +0800
To: Anonymous <cypherpunks@cyberpass.net
Subject: Re: What's really in PGP 5.5?
In-Reply-To: <36e200bba528c46e3694521079832b77@anon.efga.org>
Message-ID: <3.0.2.32.19971008090442.0070305c@ece.eng.wayne.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
At 03:26 AM 10/8/97 -0400, Anonymous wrote:
>>This downside is particularly insidious for a number of
>>reasons. First, without fixing that problem, strong cryptography will
>>be in some sort of limbo. You want to use it to protect your valuable
>>information, but you won't want to use it for any information that's
>>*too* valuable, because it's easily lost. Crypto-protected
>>information is fragile, and this fragility could hurt its widespread
>>deployment.
>
>What you call "fragility" is properly called "security". Would you
>describe 128-bit keys as more "fragile" than 40-bit keys? Why is PGP,
>Inc. inventing propaganda terms for the authorities?
Okay, call it security but the point is, if you're protecting documents vital
to your company using encryption (say the design of a new product) and the
person who knows the passphrase dies, you've just lost a great deal of money.
PGP for Business Security gives the business a way to have a backup key that
can read that person's information. Frankly, it might not be able to read
anybody elses, from the description given.
This is a feature that any business (that understands encryption) will want.
They can easily store the secret keys of the other id someplace secure, and
never retrieve them until someone dies. Disavow knowledge of them to
government, etc. heck, the keys can even be in the primary person's
posession. (Perhaps stored in a safe-deposit box, or without a passphrase,
etc.)
>>Data recovery is useful for a number of things. Perhaps you lost your
>>passphrase. Or data might have been encrypted by an employee or co
>>worker who was in an accident. (As an aside, fifteen years ago, the
>>architect of a product I worked on was in a severe car wreck. He was
>>not killed, but suffered brain damage and has never returned to
>>work.) Your spouse might need access to financial records. Everyone,
>>be they an individual, business, or coporation has a right to having
>>their data protected, and protection not only means being able to put
>>it into a safe, but getting it out of that safe later.
>
>It is fascinating to me that every example you use does not involve
>decrypting transmitted messages. Yet, that is the feature which is
>under discussion.
Amazingly, he gave an example where, had encryption been used, the project
would have stopped, and restarted because the person with the keys was
incapacitated. Are you just being combative here?
>The demand for the ability to decrypt encrypted messages in the
>corporate environment can easily be measured with this test: how many
>companies have a policy that requires employees to record all outgoing
>mail?
Well, any company giving stock advice (and governed by SEC rules on stock
tips, etc.) is already require to have all outgoing mail approved (e-mail and
snail), so does it matter if they record it or not?
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBNDuE6Tc3ytqHnNyNAQFzTQP/cLBt7fwDLXHyVecvoB3U1y0aRNXA22IH
Eceiuc4itfZjRG4mwokIzrTnhIUeEqF5BommDqDwdXxg/re1JMYETj4v9apD47Lt
nIFVc+mNvKVDQOLtp9cETgepm76IqgHUWZgQxKkgTFtANM5IxXn8IkI51ATd2A3E
hj4npnS3bYQ=
=0Ib2
-----END PGP SIGNATURE-----
-----------------------------------------------------------------------
Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing"
Wayne State University - CULMA "May you live in interesting times.."
randerso@ece.eng.wayne.edu
PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9
-----------------------------------------------------------------------
Return to October 1997
Return to “Tim May <tcmay@got.net>”