1997-10-22 - Re: PGP, Inc.–What were they thinking?

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: tcmay@got.net
Message Hash: cdbce6adf89fb7bbee61823be80c371a15780945440d6b262950a16dd80bfb4e
Message ID: <199710221921.UAA05327@server.test.net>
Reply To: <v03102800b073eb6667df@[207.167.93.63]>
UTC Datetime: 1997-10-22 19:31:57 UTC
Raw Date: Thu, 23 Oct 1997 03:31:57 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 23 Oct 1997 03:31:57 +0800
To: tcmay@got.net
Subject: Re: PGP, Inc.--What were they thinking?
In-Reply-To: <v03102800b073eb6667df@[207.167.93.63]>
Message-ID: <199710221921.UAA05327@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Tim May <tcmay@got.net> writes:
> Declan writes:
> >[...]all Rep. Solomon etc. have to do is wave around a
> >shrinkwrapped copy of PGP and say: "I bought this for $19 at the Egghead
> >shop at 21st and L." Details will be lost in the fearmongering.
> 
> Yep, they're already doing this. This was reported a week or so ago,
> somewhere here in Cypherpunks.

Another interesting thing was that the French picked up on it too --
very interesting for them because they are just switching from
crypto-ban to mandatory GAK.  I suspect if PGP Inc could get an export
license they would buy in to it heavily.

(Fabrice Planchon <fabrice@math.Princeton.EDU>, and Jean-Francois Avon
kindly translated a French document on the web "pgp tows the line" or
something like that I think was the consensus they arrived at on
correct translation of the title of the document).

The indirect other danger is that in going the CMR route, PGP Inc may
be standards setters either through the OpenPGP standard, or outside
of it (in a similar way to the way netscape extensions are supported
by many vendors long before they are part of HTML 3.x or whatever).

If CMR becomes the standard, this greatly simplifies the task of TIS,
or TIS europe, or anyone else in building a much more GAK friendly
product which can interoperate with OpenPGP.  I think I saw a tis.com
address on ietf-open-pgp discussions list and wouldn't be surprised if
they are busy building TIS OpenPGP compliant GAKware right now.

A second indirect danger is that by taking this approach PGP Inc
damages itself by isolating itself from the large cypherpunk and
pro-privacy community, and that an even less friendly crypto email
standard wins by default.  How much protection do we have in S/MIME
vendors.  We were relying on PGP Inc to set the pro-privacy, anti-GAK
line, and then we all would have been behind them in pushing the
OpenPGP standard ahead of other standards because of it's GAK
resistance.

As it is various cypherpunks are scrambling trying to keep the OpenPGP
standard a CMR free-zone, at least as a temporary measure for this
version of the standard.


As to what PGP Inc were thinking, I'm not sure I understand what they
were thinking ...

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread