1997-10-09 - Re: What’s really in PGP 5.5?

Header Data

From: Anonymous <anon@anon.efga.org>
To: cypherpunks@cyberpass.net
Message Hash: ee157b88283f15c5f29c840cc0a9e916b7b90bcc35a52223aa14811404a2d5b4
Message ID: <8dd53fe6b49e0a4b1b529cf8e6c6f7f7@anon.efga.org>
Reply To: N/A
UTC Datetime: 1997-10-09 16:45:28 UTC
Raw Date: Fri, 10 Oct 1997 00:45:28 +0800

Raw message

From: Anonymous <anon@anon.efga.org>
Date: Fri, 10 Oct 1997 00:45:28 +0800
To: cypherpunks@cyberpass.net
Subject: Re: What's really in PGP 5.5?
Message-ID: <8dd53fe6b49e0a4b1b529cf8e6c6f7f7@anon.efga.org>
MIME-Version: 1.0
Content-Type: text/plain



The danger with the PGP system is that it could be easily perverted into
a British style trusted-third-party system for GAK.  The government
would set up a key management infrastructure to provide an official
repository and CA to register keys.  It could even be "voluntary" if
only government-approved CAs had liability protection which private CAs
didn't have, making it hard for the privates to compete.

However the price to use the government registry is that each key has
to use the PGP features to specify a TTP as an additional recipient.
Every message encrypted to that key should also be encrypted to the
TTP key.  Only government-approved TTPs may be used, and although
there are many to choose from, all have to provide easy and secret GAK.
The PGP 5 software will then automatically encrypt to the TTP key.

Yes, this can be defeated using superencryption or faking the
additional-recipient block in the message.  But we know any scheme can
be defeated.  It still satisfies the government's requirement to get
routine access to most email communications, and to allow criminals who
use standard email packages to be watched.






Thread