From: Adam Back <aba@dcs.ex.ac.uk>
To: jon@pgp.com
Message Hash: e726f54a31ea5d5362968b62c71d9fef393fc950d924267726067b1ec23799b8
Message ID: <199711032338.XAA02005@server.test.net>
Reply To: <3.0.3.32.19971103115159.0894a320@mail.pgp.com>
UTC Datetime: 1997-11-04 00:11:50 UTC
Raw Date: Tue, 4 Nov 1997 08:11:50 +0800
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 4 Nov 1997 08:11:50 +0800
To: jon@pgp.com
Subject: CMR/ARR revisited
In-Reply-To: <3.0.3.32.19971103115159.0894a320@mail.pgp.com>
Message-ID: <199711032338.XAA02005@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain
Jon Callas suggests that CMR has been discussed vigorously. What was
the outcome?
Here's a short summary of a more secure and less politically
controversial alternative to CMR:
1. Escrow employee company use encryption keys.
2. Don't escrow employee personal use encryption keys.
3. Don't escrow employee company use signature keys.
As pgp5 packet format already supports multiple encryption sub keys
attached to signature keys, all that has to be done to support the
above is to put comments in the userID to say what purpose the keys
are for:
Jon Callas <jon@pgp.com> (personal use)
Jon Callas <jon@pgp.com> (company use)
Provide support in the business verion of the software to escrow the
company use key. Provide support for both company use and personal
use keys. If some companies want to disallow personal use, you might
consider adding this feature.
The above is already provided for without CMR/ARR.
CMR/ARR fields add political and security risks, so why bother?
So what is PGP Inc's position on the future of CMR?
Is it going to be phased out?
Is it going in the OpenPGP standard?
Are there any security, privacy or political objections to local
escrow?
Enciphering minds want to know...
Adam
Return to November 1997
Return to ““William H. Geiger III” <whgiii@invweb.net>”