1997-10-28 - Re: PGP and GMR

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: maxson1@MARSHALL.EDU
Message Hash: afa9121809150a72fe211a2ad03a7787ebf7fe8168844eb734675be81e109647
Message ID: <199710282301.XAA02835@server.test.net>
Reply To: <3.0.3.32.19971028112812.006bc3fc@hobbit.marshall.edu>
UTC Datetime: 1997-10-28 23:08:52 UTC
Raw Date: Wed, 29 Oct 1997 07:08:52 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 29 Oct 1997 07:08:52 +0800
To: maxson1@MARSHALL.EDU
Subject: Re: PGP and GMR
In-Reply-To: <3.0.3.32.19971028112812.006bc3fc@hobbit.marshall.edu>
Message-ID: <199710282301.XAA02835@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Matthew Maxson <maxson1@MARSHALL.EDU> writes:
> I am new to this list and cryptogrophy, and have a few questions.
> 1)what is CMR?  

The CMR acronym stands for "Corporate Message Recovery".

> 2) how does it relate to PGP?  

CMR is the corporate disaster recovery mechanism built in to pgp5.5
(and some support for it in pgp5.0).

> 3) what is GAK?  

Government Access to Keys.  Governments seem to have an unhealthy
desire to obtain your communications keys.  They use lots of slick PR
terms to make their snooping urges seem less obnoxious -- things like
"clipper", "key escrow", "key recovery", etc.

> I have gathered that it is a back door that will encrypt all messags
> to the goverment (or some other official body) as well as encrypting
> it to the recipiant.

CMR doesn't do it.  Why people are getting upset is that it could be
used for this though.

> Also, I assume that PGP 5.X has added this to their encryption
> scheme to allow companies to read employee e-mail.

Yes, CMR is to allow companies to recover email in case of employee
forgetting passphrase, or is on holiday, or leaves on bad terms,
or dies unexpectedly.

> Does PGP 2.6.2 have this back door into it?  tnx for your help. 

PGP2.x doesn't have CMR in it.  You don't have to use the CMR feature
on your own key with pgp5.x.  The argument is more about what it could
be used for by government in the future.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread