1997-10-15 - Re: Just say “No” to key recovery concerns…keep OpenPGP pure

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: tcmay@got.net
Message Hash: b2b6d08bb7f731a24cb8bd0dd5408fef87d990f687e5dd85faa67dbf5707cfd9
Message ID: <199710150647.HAA11450@server.test.net>
Reply To: <v03102803b069f989d978@[207.167.93.63]>
UTC Datetime: 1997-10-15 07:07:23 UTC
Raw Date: Wed, 15 Oct 1997 15:07:23 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 15 Oct 1997 15:07:23 +0800
To: tcmay@got.net
Subject: Re: Just say "No" to key recovery concerns...keep OpenPGP pure
In-Reply-To: <v03102803b069f989d978@[207.167.93.63]>
Message-ID: <199710150647.HAA11450@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain

Tim May <tcmay@got.net> writes:
> I'll try a different way of making my points...
> 
> At 9:12 PM -0700 10/14/97, Lucky Green wrote:
> 
> >I can't help but see a difference between enforcing to encrypt to a
> >default key and storing the user's key outright. IMHO, the former entails
> >less potential for abuse.
> 
> All other things being equal, maybe the former is slightly less intrusive
> than the latter. But maybe not even this, as the two give the same results.
> After all, what's the real difference between "all mail, incoming and
> outgoing, must also be encrypted to a CMR key" and "you must deposit a copy
> of your key with us"?

CMR keys are the root of all evil in pgp5.5.  Without them almost any
permutation of recovery care to construct would be less useful to the
GAKkers, for all the organisational, and inconvenience reasons Tim
describes.  Governments have problems handling complexity.  

So make their job complex.  If you were one of the people writing the
IRS tax software back in the 60s, and you were in deep cover, a
proto-cypherpunk, and were bright enough to see the future
possibilites you would have done all you could to fuck up the IRS
system.  You would have obfuscated the code.  You would have put logic
bombs in it.  You would have destroyed the source code
surreptisiously.  (Destroying source code has analogies to destroying
keys at earliest opportunity, you are destroying something which your
enemy needs).

Any bets as to if any of this actually happened on purpose?  I reckon
so.

So, do you all reckon we can make task of fielding GAK impossibly
complex for such a big disorganised government?

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

Thread

Return to October 1997
Return to “Adam Back <aba@dcs.ex.ac.uk>”
Return to “alexlh@xs4all.nl”
Return to “Andrew Bromage <bromage@cs.mu.oz.au>”
Return to “Bianca <bianca@dev.null>”
Return to “Lucky Green <shamrock@cypherpunks.to>”
Return to “lutz@taranis.iks-jena.de (Lutz Donnerhacke)”
Return to “Rick Smith <smith@securecomputing.com>”
Return to “Ryan Anderson <randerso@ece.eng.wayne.edu>”
Return to “Tim May <tcmay@got.net>”
Return to “Zooko Journeyman <zooko@xs4all.nl>”
1997-10-14 (Tue, 14 Oct 1997 19:17:16 +0800) - commercial data recovery - Zooko Journeyman <zooko@xs4all.nl>
- 1997-10-14 (Tue, 14 Oct 1997 20:21:43 +0800) - Re: commercial data recovery - alexlh@xs4all.nl
- 1997-10-14 (Tue, 14 Oct 1997 22:53:36 +0800) - Re: commercial data recovery - Adam Back <aba@dcs.ex.ac.uk>
  - 1997-10-15 (Thu, 16 Oct 1997 02:27:48 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Rick Smith <smith@securecomputing.com>
- 1997-10-14 (Wed, 15 Oct 1997 06:59:56 +0800) - Just say “No” to key recovery concerns…keep OpenPGP pure - Tim May <tcmay@got.net>
  - 1997-10-15 (Wed, 15 Oct 1997 08:13:13 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Lucky Green <shamrock@cypherpunks.to>
    - 1997-10-15 (Wed, 15 Oct 1997 09:57:43 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Adam Back <aba@dcs.ex.ac.uk>
      - 1997-10-15 (Wed, 15 Oct 1997 12:17:09 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Lucky Green <shamrock@cypherpunks.to>
        1997-10-15 (Wed, 15 Oct 1997 15:06:43 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Adam Back <aba@dcs.ex.ac.uk>
        1997-10-15 (Wed, 15 Oct 1997 16:12:21 +0800) - Just say “Huh?” to key recovery concerns…keep OpenPGP pure - Bianca <bianca@dev.null>
      - 1997-10-15 (Wed, 15 Oct 1997 13:13:00 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Tim May <tcmay@got.net>
        1997-10-15 (Wed, 15 Oct 1997 15:07:23 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Adam Back <aba@dcs.ex.ac.uk>
  - 1997-10-15 (Wed, 15 Oct 1997 08:20:24 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Tim May <tcmay@got.net>
    - 1997-10-15 (Wed, 15 Oct 1997 11:56:01 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Lucky Green <shamrock@cypherpunks.to>
      - 1997-10-15 (Wed, 15 Oct 1997 15:06:41 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Adam Back <aba@dcs.ex.ac.uk>
  - 1997-10-15 (Wed, 15 Oct 1997 10:43:08 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Ryan Anderson <randerso@ece.eng.wayne.edu>
  - 1997-10-15 (Thu, 16 Oct 1997 02:58:20 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - Tim May <tcmay@got.net>
  - 1997-10-20 (Mon, 20 Oct 1997 22:18:41 +0800) - Re: Just say “No” to key recovery concerns…keep OpenPGP pure - lutz@taranis.iks-jena.de (Lutz Donnerhacke)
- 1997-10-15 (Wed, 15 Oct 1997 08:09:04 +0800) - Re: commercial data recovery - Andrew Bromage <bromage@cs.mu.oz.au>

cryptoanarchy.wiki

1997-10-15 - Re: Just say “No” to key recovery concerns…keep OpenPGP pure

Header Data

Raw message

Thread