From: Adam Back <aba@dcs.ex.ac.uk>
To: nobody@REPLAY.COM
Message Hash: f4c47c7f615819b26d6f4a124982de879af44393f4fa85a660e2edffa97057b7
Message ID: <199710190757.IAA00747@server.test.net>
Reply To: <199710190155.DAA10077@basement.replay.com>
UTC Datetime: 1997-10-19 09:32:58 UTC
Raw Date: Sun, 19 Oct 1997 17:32:58 +0800
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 19 Oct 1997 17:32:58 +0800
To: nobody@REPLAY.COM
Subject: Re: Is PGP still private?
In-Reply-To: <199710190155.DAA10077@basement.replay.com>
Message-ID: <199710190757.IAA00747@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain
Anonymous writes:
> Kent Crispin <kent@songbird.com> writes:
> > Your reencryption scheme fails because of the management of the short
> > term encryption keys, among other things.
>
> Wait a minute. Didn't Adam abandon the reencryption idea and switch to
> key escrow?
I didn't abandon it as such, but more recognised some dangers in a
system involving re-encryption and sending messages to backup servers
being twisted for government purposes. But even re-encryption is more
resistant to GAK than PGP Inc's CMR. The danger with re-encryption is
that the person the mail is being re-encrypted and sent to could be
changed to be the government. However this presents more logistic
problems for the government than does the PGP Inc CMR method.
I switched to storage key recovery (not quite key escrow btw), because
I realised this was yet more resistant to being abused by governments.
The CDR (Corporate Data Recovery) proposal is that communications keys
would not be escrowed, and that messages would be only encrypted to
one key (the recipients key). Those emails which were archived, and
which the user consider important could be encrypted with the
recovered key. The recovery information would be stored locally and
the software would attempt were possible to make it difficult to move
the recovery information off the machine.
> Or did that one turn out to be a non-starter too?
No.
I think it is practical. I also think that it is more resistant to
government abuse (where the worst form of government abuse is mass
keyword scanning of all messages.)
I haven't seen anyone able to argue against these two claims. I
encourage anyone who can see technical objections, or objections to
the claim that this design is more resistant to abuse to speak up.
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Return to October 1997
Return to “Anonymous <nobody@REPLAY.COM>”