From: Anonymous <nobody@REPLAY.COM>
Date: Thu, 23 Oct 1997 00:05:21 +0800
To: cypherpunks@cyberpass.net
Subject: Re: PGP 5.5 CMR/GAK: a possible solution
Message-ID: <199710221555.RAA01080@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



mark@unicorn.com writes:

> When a customer wishes to send email to Joe, he would use this public key.
> When encrypting, PGP would detect the tag and put up a dialog box pointing
> out that this is a corporate key and if they click on the 'confidential'
> button it will be encrypted to the user's personal key prior to encrypting
> to the corporate key (by which I mean superencryption, to avoid traffic
> analysis). The default would be not to superencrypt; and as a side effect
> this system would be compatible with any version of PGP for
> non-confidential mail (assuming that version understands the encryption
> algorithms in use). 

Neat, automatic superencryption.

Could the same idea work with the Pgp method with the CMR key?  You
would encrypt to the user first, then reencrypt to the combination
of user and CMR key.

Would this prevent GAK?