
Re: Pretty Good Piracy




Ryan Anderson wrote:
> Okay - the only difference between this and a normal version of PGP is that
> it always encrypts to a certain key-id, in addition to all others.
> 
> That's the only weakness you'll see in it.

It's the only weakness that's needed to compromise all the keys.

> So stop bitching about a feature that business is going to require before
> rolling out PGP to the whole enterprise.

I don't have any problem with the feature, only with the use of the 
PGP reputation capital to directly promote it. If they wanted to call 
it 'Pretty Corporate Privacy' then the name would reflect its purpose.

Security, in regard to privacy, is an all-or-nothing issue. As such, 
I do not find it acceptable to apply the same standards of promotion
and dissemination as with less important types of software.
The fact of the matter is, the product has nothing to do with the
privacy of the individual using it, only the privacy of the
corporation. This is an important distinction which should not be
subject to confusion with a product by the same name which is noted
for providing a secure level of privacy for the individual.

I would wager that promoting a false sense of security, or an incorrect
view of the levels of security and trust involved in company software
will do more damage than the occasional loss of keys will.

Again, the product does not provide 'Pretty Good Privacy,' it does
provide 'Pretty Corporate Privacy.'

PrivacyMonger