1997-10-18 - Re: what is purpose of CMR?

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: jon@pgp.com
Message Hash: a455a70b62616b7f04270847e1dc1bcb5278dfcf4120407f471f5b638c6e249b
Message ID: <199710180723.IAA00783@server.test.net>
Reply To: <3.0.3.32.19971017165408.00be6900@mail.pgp.com>
UTC Datetime: 1997-10-18 09:49:24 UTC
Raw Date: Sat, 18 Oct 1997 17:49:24 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 18 Oct 1997 17:49:24 +0800
To: jon@pgp.com
Subject: Re: what is purpose of CMR?
In-Reply-To: <3.0.3.32.19971017165408.00be6900@mail.pgp.com>
Message-ID: <199710180723.IAA00783@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Jon Callas <jon@pgp.com> writes:
> At 12:54 AM 10/18/97 +0100, Adam Back wrote:
>    
> > [what is CMR key for surveillance/ or disaster recovery]
> 
> It's not for surveillance. It's for recovering from disaster. 

In that case recovery can be much more simply and securely achieved
locally to the recipient.  Escrow or use locally stored recovery
information.  The CMR key is not needed for this functionality.

> I think it would be a good thing to send a PGP message over an
> encrypted link (TLS or other).

This is an independently good idea and would mitigate some of the
possibilites of CMR functionality being used for purposes other than
it's designers intended.

However it is hard to do; and the keys have different security focus
becuase it is hard to use user <-> user end to end TLS because of the
store and forward nature of email.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread