From: mark@unicorn.com
To: tcmay@got.net
Message Hash: f9495beba66101f755411326c2640da28c84327c20f73576da15a5a1fd4a37ff
Message ID: <877615176.6781.193.133.230.33@unicorn.com>
Reply To: N/A
UTC Datetime: 1997-10-23 14:03:32 UTC
Raw Date: Thu, 23 Oct 1997 22:03:32 +0800
From: mark@unicorn.com
Date: Thu, 23 Oct 1997 22:03:32 +0800
To: tcmay@got.net
Subject: Re: PGP 5.5 CMR/GAK: a possible solution
Message-ID: <877615176.6781.193.133.230.33@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain
tcmay@got.net wrote:
> Our mileages apparently vary. When _I_ send a message to, say, Jon Callas
> at PGP, Inc., it is to Jon Callas, not to others. It might be a job offer,
> it might be an invitationf for him to help monkeywrench CMR, it might be a
> stock tip, it might be a comment about a conversation we had a party, it
> might be a lot of things.
Hmm, as usual, you make a good point. The uses I was thinking of were the
kind of uses that people have suggested as reasons for CMR; emailing orders,
etc to companies. Today I rarely do that because telephoning companies is
much easier, and in the future I'd expect to be sending most of them over
the Web rather than by email. I presume these *are* the kind of uses that
PGP Inc are expecting, since their system seems to have no other value
except as snoopware.
> If I was sending it to "Jon's coworkers in Department Z," I probably either
> wouldn't encrypt it at all, or would (if the option existed) encrypt to
> some departmental or group key.
Yep, which is basically what I was suggesting. The user chooses which key
to use based on their perception of the sensitivity of the message, not
the enforced company policy. If it's confidential, it's confidential; if
the company think I'm up to no good they can come around and force me to
decrypt a particular message, or sack me if I refuse. Their call.
> I expect those who adopt CMR will find an awful lot of folks will just give
> up on trying to communicate with those living in a CMR regime.
Ditto, at least if it's PGP's current 'mandatory voluntary' snoopware
design. I won't be running any version of PGP which includes this
'feature' in its current form; I would also suggest that we boycott any
scanning and proofreading efforts for future versions of PGP which include
this code, or remove it from the source before release. If PGP's commercial
customers lose business as a result, that's their choice.
Mark
Return to October 1997
Return to “Tim May <tcmay@got.net>”