From: Jon Callas <jon@pgp.com>
Date: Sat, 18 Oct 1997 08:07:57 +0800
To: Adam Back <ietf-open-pgp@imc.org
Subject: Re: what is purpose of CMR?
In-Reply-To: <199710172354.AAA03957@server.test.net>
Message-ID: <3.0.3.32.19971017165408.00be6900@mail.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain



At 12:54 AM 10/18/97 +0100, Adam Back wrote:
   
   This is a question which I am unclear on about PGP Inc's design goals
   in using the CMR method.
   
     Is the CMR field to allow the company to recover from the user
     forgetting his password?  (recover his mail folder full of encrypted
     email).
   
   or
   
     Is the CMR field to allow the company to read the email in transit
   
   This seems like a fairly important distinction.

It's not for surveillance. It's for recovering from disaster. I think it
would be a good thing to send a PGP message over an encrypted link (TLS or
other).

	Jon



-----
Jon Callas                                  jon@pgp.com
Chief Scientist                             555 Twin Dolphin Drive
Pretty Good Privacy, Inc.                   Suite 570
(415) 596-1960                              Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)