1997-10-16 - Re:

Header Data

From: Tim May <tcmay@got.net>
To: cypherpunks@cyberpass.net
Message Hash: bc9cccd512d35e782343200206b9a38d5239b1d2d007a00877c9086004d62f30
Message ID: <v03102803b06b11dd83a5@[]>
Reply To: <199710152145.XAA20388@basement.replay.com>
UTC Datetime: 1997-10-16 01:34:02 UTC
Raw Date: Thu, 16 Oct 1997 09:34:02 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Thu, 16 Oct 1997 09:34:02 +0800
To: cypherpunks@cyberpass.net
Subject: Re:
In-Reply-To: <199710152145.XAA20388@basement.replay.com>
Message-ID: <v03102803b06b11dd83a5@[]>
MIME-Version: 1.0
Content-Type: text/plain

At 2:45 PM -0700 10/15/97, Anonymous wrote:
>Tim May <tcmay@got.net> writes:
>> This also applies to CMR as well. Whatever the perceived business reasons
>> for CMR, the fact is that it introduces additional failure points. No
>> longer will Alice and Bob be secure that at least there are no "other
>> readers" in the channel between them (what they do with the plaintext after
>> decryption is of course solvable by no technology).
>I thought that was the whole point of the PGP design.  It makes the
>presence of third parties clear and visible to all participants.  This
>seems to be the fundamental principle.  PGP is designed to allow Alice
>and Bob to be informed if third party access is built in.  Key escrow
>and re-encryption are inherently less visible forms of message access.

My explicit point was about what happens to plaintext _after_ it has been
received. Not an exceptionable point, it seems to me. CMR doesn't tell
anybody anything about who later sees the plaintext (it can't, which was my

And CMR of course does not actually stop the practice of requiring
employees to physically "escrow" keys. I would expect that most companies
now requiring employees to deposit copies of their keys may well continue
to do so.

(And I'll bet the CMR keys are _also_ required to be escrowed...the CMR
keys are too valuable not to be copied multiple times.)

Finally, I stand by my point that it introduces security weaknesses in the

--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."