1997-10-10 - message recovery is a red herring: pgp5.5 is for snooping (Re: CAK as a really bad form of corporate networking)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: tcmay@got.net
Message Hash: b7e43eb95a89a4d9492a4d6f55b0177f04ab19e27a61a43c3ddb5d1ff0afbaf5
Message ID: <199710102020.VAA05198@server.test.net>
Reply To: <v03102802b0641232c44b@[207.167.93.63]>
UTC Datetime: 1997-10-10 21:38:44 UTC
Raw Date: Sat, 11 Oct 1997 05:38:44 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 11 Oct 1997 05:38:44 +0800
To: tcmay@got.net
Subject: message recovery is a red herring: pgp5.5 is for snooping (Re: CAK as a really bad form of corporate networking)
In-Reply-To: <v03102802b0641232c44b@[207.167.93.63]>
Message-ID: <199710102020.VAA05198@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Tim May <tcmay@got.net> writes:
> I've been scratching my head, trying to figure out what the market
> for PGP's new recovery program is for. After all, if employees have
> local disks and these disks are on a company network or backup plan,
> then the corporation has access to the plaintext of memos, reports,
> and plaintext sent and received e-mail. (The purpose of Alice
> encrypting to Bob being _in-transit_ security, and nothing more.)
>
> It seems to me that the CAK (Corporate Access to Keys) approach
> being talked about, where Alice encrypts to Bob and _also_ encrypts
> to Eve, is a poor solution to the "archiving" problem.

I'm finding this whole thing is surrounded by euphemisms, and
newspeak.  For example PGP's Jon Callas claiming that the main
motivation for the system is to ensure availability of messages.  As
you point out this is bunk.

This leaves as the only excuse for pgp5.5's existance corporate
snooping of sent and received emails.  PGP Inc is encouraging little
brother and doing it in a way that provides tools for big brother, and
is thereby paving the way for mandatory GAK.

(Also Jon's flimsly claim that it isn't a "key escrow" system, I
consider mere word play, whatever PGP Inc cares to call it, it's
clearly a CAK system).

> As Adam Back and others have noted, if Alice stores her Eudora or
> whatever e-mail files on her systems, presumably in plaintext (as
> the purpose of encrypting with Bob is for _in-transit_ security, not
> storage security), then the corporation can insist that she make her
> plaintext files archivable on the company's backup system.

Perhaps my arguments of how you can build encrypted corporate snooping
email archive systems without being GAK friendly are too complex.
Just storing the data in the clear is easier to understand, and is
probably what most corporates are doing anyway.  I don't think most
corporates are using storage encryption widely internal to their
networks, and rely on a decent firewall, or an air gap.

The obvious objection to the argument that you store your email
folders in the clear, as I'm sure one of our anonymous PGP employees
will point out again, is that:

	What if the email is archived encrypted in the eudora folder,
	or the netscape, or other MUA folder.  The corporate snoop
	won't be able to read it without the employees co-operation.

A similar objection applies to IMAP mailboxes, (IMAP being a POP3 like
thing, but with the added functionality that the mailbox archive is
kept on the server).


If you're using PGP mail client software too, it can archive it in
plain text, or encrypted with a corporate escrowed storage key as I
was describing.  Mostly mega-important email is going to be copies of
stuff on disk anyway, as Tim points out.

(Also I'd like to ask those who use other email clients than I how encrypted
email is treated: with emacs mailcrypt, I have the option of archiving the
decrypted email, or keeping the encrypted mail as is in the archive, so that
you have to go back and decrypt it again to read old encrypted emails.  How
does the eudora plug in work?  How does pgp5.0 work, and how does netscape
with pgp plug in work.)


To me a corporate snooping policy is not a good thing to encourage.
I wonder if PGP Inc claim that corporate snooping is demanded by the
industry.

Another way to implement corporate message snooping is for the company
to retain copies of users private decryption keys.  (Plus to have the
second crypto recipient on sent mail of the company snoop, but strip
it off before it goes outside the LAN in the SMTP policy enforcer.)
Still that's more GAKware, as if you remove the policy enforcer it's
useful for GAKkers also.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread