From: Vipul Ved Prakash <vipul@best.com>
Date: Mon, 13 Oct 1997 17:32:20 +0800
To: kent@bywater.songbird.com
Subject: Re: What's really in PGP 5.5?
In-Reply-To: <19971013011450.42022@bywater.songbird.com>
Message-ID: <199710131441.OAA00334@fountainhead.net>
MIME-Version: 1.0
Content-Type: text



Kent Crispin wrote:

> Perhaps he has no business having a personal key on a company machine. 
> He's a fool if he does, anyway -- if the company wanted to snoop his
> key they just go in after hours, install a keyboard sniffer, and grab
> his passphrase...the bottom line is, Ray, that if it is on a corporate
> machine, the corporation has access, whether the employee thinks so or
> not. 

this entirely depends on the specific protocol followed by the 
corporation and the employee. its not unethical for the corporation
to have access to the employee's _work_ key and data encrypted
with the key if they mutually decide it that way. The employee 
can always use a different crypto system for his personal data. 
and its not unethical for a firm to sell a key-escrow product. 
enforcing the use of key escrow is. 

vipul

-- 
Powell lingered. "How's Earth?" 
It was a conventional enough question and Muller gave the 
conventional answer, "Still spinning."
				      -- "Reason", Asimov. 
==================================================================
Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@best.com 	                  | - Web Objects 
91 11 2233328                     | - PERL Development 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - Networked Virtual Spaces