From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 9 Oct 1997 08:15:26 +0800
To: jon@pgp.com
Subject: Re: What's really in PGP 5.5?
In-Reply-To: <3.0.3.32.19971008143320.00a9be80@mail.pgp.com>
Message-ID: <199710082309.AAA02193@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




[cryptography snipped, Perry's killed the thread]

Jon Callas <jon@pgp.com> writes:
> At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote:
>    Jon Calis wrote:
>    If this is true (and I have no reason to believe it isn't), then
>    why is the key escrow code written (although not turned on) in
>    the source code for 5.0 that was posted internationally from PGP?
> 
> Bruce, I understand that you don't like any form of data recovery,
> but there is no key escrow in PGP. Perhaps we should talk about this
> on the phone.

Oooh.  PGP Inc damage control mode on <clunk>!

We all would like to hear the reason too, Jon :-)

>    Makes no sense.

Here are a couple of reasonably plausible ones:

- common source tree with #ifdefs for different products

- some functionality required even in non business version to inform
  user about policy flag meanings

btw I didn't read the source code quoted so that second attempt at a
plausible reason might be a dud.

btw2: it isn't just Bruce that doesn't like key escrow.
btw3: your definition of "data recovery" is wrong.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`