1997-10-14 - Re: GET OFF THE DIME: PGP 5.5: Attitude

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: attila@primenet.com
Message Hash: 627de387ee4443b2a961254f02e792ae96d7335a810e3f8a8fcb90ff64a69a85
Message ID: <199710140835.JAA01158@server.test.net>
Reply To: <19971013.035233.attila@hun.org>
UTC Datetime: 1997-10-14 09:57:16 UTC
Raw Date: Tue, 14 Oct 1997 17:57:16 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 14 Oct 1997 17:57:16 +0800
To: attila@primenet.com
Subject: Re: GET OFF THE DIME: PGP 5.5: Attitude
In-Reply-To: <19971013.035233.attila@hun.org>
Message-ID: <199710140835.JAA01158@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Attila T Hun <attila@hun.org> writes:
>     There is one all important consideration in this debate:
>  
>         would you rather have PGP, Inc. with its preeminent 
>         stature in the defense of freedom, freeware, and
>         privacy as well as an established, TRUSTED product 
>         defining THE system which meets the need of the 
>         free world business, but is not selling out to 
>         GAK or CAK? 
> 
>         or, would you rather see IBM, HP, TIS and others with 
>         their GAK products and potentially even backdoors?
>         are any of these vendors even planning to give us 
>         source code so we might have a warm and fuzzy feeling
>         until someone blows a hole in it 10 years from now?

_Of course_ we all agree that it is much better to have PGP Inc
implement a CAK system than IBM, HP, TIS or other GAK-sellout'ers.

Attila, I generally liked your rant, and agreed with pretty much most
of it.  However I would repeat what I said to Jon Callas with his
nicely written rant which started this thread on `attitude' (modified
for Attila rant relevance):

: [bucko big snip]
: 
: Well, it was a nice rant, Attila.  Most of it was even crypto-correct :-)
: 
: But the problem is you didn't address the point causing PGP's perceived
: hostilities.  Not once.

Now as you say above, if there was no choice on how to implement CAK,
well we'd all be forced to agree that PGP Inc hard no alternative but
to do what they have done and implement something which can be
directly used as a fully functional GAK system, because of the
requirement for company availability of data.  We'd feel unhappy about
it, as Jon Callas himself admitted of the CMR design but acknowledging
the user requirement and inevitability, in similar ways that you have
been arguing for.

We'd then be acknowledging the nice balances which PGP have put in as
expressed by PGP's Jon Callas and Jon Seybold respectively: the
principle of transparency: that PGP is recommending that companies
flag mail addresses which are "company use" mail boxes where the
company may be reading; and Jon Seybold's point about decentralised
company escrow designs being much better than centralised ones.  Both
are very good points.

The point is that, _of course_ we acknowledge these points; that is a
complete no-brainer.


_This_ is the point I am trying to get across:

- If you (as a crypto software company) have users who have a
  requirement for data recovery of stored email (and there is a pretty
  reasonable business case for this), then as a company which claims
  to be against the dangers of mandatory GAK, you should do everything
  you can to make your system non-useful to the GAKkers purposes.  PGP
  has done somethings in this direction (the two points I list above
  for example).  But they could do more:

- I have laid out a perfectly feasible design for providing a fully
  functional non-GAK compliant "Commercial Data Recovery" (CDR) system.
  I have not seen any PGPers anonymous or otherwise who have come up
  with any flaws in this design; nor even with any functionalities
  which it is not capable of meeting with similar degrees of weak tamper
  resistance to the GAK compliant CMR design.

Did you miss that argument?

I'll use the term "data recovery" to describe it to highlight the key
differences between PGP's method which is Commercial _Message_
Recovery, because the "message recovery" design philosophy is a
fallacy adopted by swallowing the GAKkers "key escrow" arguments.  The
argument that you somehow need to escrow transient communications keys
to allow governments access to information stored on disks.  That
people swallow this argument never ceases to amaze.

You will notice that there have been no technical refutations of my
CDR design.  I and others have I think been able to demonstrate that
it is just as flexible, and to boot more secure.

> [bucko huge snip]

I agree with the rest of Attila's points.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread