From: Rick Smith <smith@securecomputing.com>
To: Tim May <zooko@xs4all.nl
Message Hash: dabb3907dd0d187be90f05954518b6a0237fbf4e2b4aff8a7c665e432e78e23f
Message ID: <v03007802b06aada46459@[172.17.1.150]>
Reply To: <199710141329.OAA02853@server.test.net>
UTC Datetime: 1997-10-15 18:27:48 UTC
Raw Date: Thu, 16 Oct 1997 02:27:48 +0800
From: Rick Smith <smith@securecomputing.com>
Date: Thu, 16 Oct 1997 02:27:48 +0800
To: Tim May <zooko@xs4all.nl
Subject: Re: Just say "No" to key recovery concerns...keep OpenPGP pure
In-Reply-To: <199710141329.OAA02853@server.test.net>
Message-ID: <v03007802b06aada46459@[172.17.1.150]>
MIME-Version: 1.0
Content-Type: text/plain
While I think that a variety of robust and successful products will proably
emerge that support various types of key recovery, I strongly agree with
Tim on engineering grounds: Keep It Simple, Stupid.
When it comes to deciding on the contents of a standard, let's keep in mind
that we're working with a relatively new technology. We'll make more
progress by standardizing proven concepts, and these integrated key
recovery hacks don't have the operating history that vanilla PGP has. If
anything, my experience with Guard keying suggests that the proposed
mechansims aren't enough. The problem has more hair than our sheepdog.
I don't think the protocol standard needs to take a political statement
about key recovery mechanisms, but it *must* outline the protocol's
traditional security objectives pretty much the way Tim outlined them. That
sets the context for a robust protocol that has a successful history.
Now I need to shut off my mailer and go pack my suitcase.
Rick.
smith@securecomputing.com Secure Computing Corporation
"Internet Cryptography" now in bookstores http://www.visi.com/crypto/
Return to October 1997
Return to “Zooko Journeyman <zooko@xs4all.nl>”