From: Kent Crispin <kent@bywater.songbird.com>
Date: Sun, 19 Oct 1997 00:35:32 +0800
To: ietf-open-pgp@imc.org
Subject: Re: Is PGP still private?
In-Reply-To: <3.0.3.32.19971017170704.009de630@mail.pgp.com>
Message-ID: <19971018092636.45297@bywater.songbird.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, Oct 18, 1997 at 08:48:56AM +0100, Adam Back wrote:
> 
> Jon Callas <jon@pgp.com> writes:
[...]
> 
> My reasoning is this: as PGP Inc can not justify expense on such
> developments, my CDR proposal would be much safer for them to
> implement because it requires no steganography support, or other
> privacy patches to provide protection against abuse of the software
> for uses other than PGP Inc's designers intentions.

You keep talking as if your CDR proposal is other than vaporware.  So 
far as I have seen you don't have a proposal, you have a wish.

[...]

> > You are in error. The only time that you are forced to use CMR is when (1)
> > you share the CMRK with the other party AND (2) the strict flag is set. In
> > all other cases, you can opt-out, on a message-by-message basis.
[...]
> However I simply posit that if you live in a scenario where everyone
> you would like to communicate is forced to operate under your
> combination: for example the local laws state all businesses and ISPs
> insisting that they use pgp5.5 policy enforcer and turn on strict
> flag.
> 
> This possibility seems to be being discounted as unrealistic, or at
> least as being optional, because you can by pass it.

It does seem rather unrealistic.  It would essentially involve
replacing the entire email infrastructure, at a significant cost, and
a rather sweeping suite of further laws that restrict the use of
encryption to only PGP, forbid me running sendmail on my linux box,
etc, etc

> I can not see that being able to by pass it helps you in my scenario
> if a) you will be detected when you do bypass it because the law
> enforcers will discover they can't recover plaintext;

This implies a law against using any other form of crypto, period.  
If such a law is passable the exemption for PGP's protocol will 
really be immaterial.  That is, Yes, under an extremely draconian 
regieme, extremely draconian things are possible.

"Tinpotdictatorsville" is not a useful counterexample, because the 
TPD can mandate anything, including no use of crypto at all.

> and b) you have
> a "choice" of not being able to communicate with anyone, because in
> practical terms you have a need to communicate. 

Implies that *all* other forms of communication have been outlawed.  
Completely unrealistic.

Adam, it is a complete and utter waste of time to debate this. 

What would *not* be a waste of time would be more concrete proposals.  
Whether PGP implements something is a separate question -- I would 
like to get back to the question of designing a better email 
encryption system.

Your reencryption scheme fails because of the management of the short
term encryption keys, among other things.  Here's another approach I
will toss out, without thinking through:

How about formalizing superencryption, or tunneling? That is, treat
CMR traffic as a transport medium for messages that are themselves
already encrypted.  The "key" idea here is to allow layering of non
CMR traffic over CMR traffic.  All the code for both is obviously
already in PGP, with a little glue and perhaps some minor protocol
mods...

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html