Re: What's really in PGP 5.5?

At 2:27 PM -0700 10/7/97, Jon Callas wrote:
>One of the downsides of cryptography is that if you lose your passphrase
>(or token, PIN, smart card, or whatever), you've lost your data. My
>favorite way of expressing this problem is, "if you lose the keys to your
>car, then you have to get a new car."

Jon clearly states one half of the problem here.  The other half is what
seems to be below the surface in many of the responses to PGP 5.5.  That
is, how do I achieve the secure deletion of data?

When I make a telephone call, I have an expectation that the only record of
the call will be in my memory and the memory of the person at the other
end.  At one time, people recording telephone conversations were required
to include a beep every 15 seconds to notify the participants that this
expectation was being violated.  (It seems this expectation has always been
violated by law enforcement.)

Now email is a confounding medium because it is both a transient
communication medium and a storage medium.  We would like to be able to
have protection against losing access to our stored data, at the same time
we are sure that those who violate our trust and intercept our
communications cannot read the data, when it is sent or at any time in the
future.

PGP 5.5 seems to have a solution to the "lose your data" problem.  It does
not seem to address the secure deletion problem.

In the context of computer system backup, one paper at the last Usenix
Security Conference suggested implementing secure deletion by encrypting
the data on the backup tape and then destroying the key when you wanted to
delete the data.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
[email protected] | nation it is today.        | Los Gatos, CA 95032, USA
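
The key-destruction approach mentioned in the message's last paragraph, sketched as an added example; it is not part of the original message or of the paper it refers to. `BackupSet`, `seal` and `unseal` are hypothetical names, and the HMAC-SHA256 keystream is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, secrets

def subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one record key.
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for a real cipher (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    # Encrypt-then-MAC; the record layout is nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    ks = keystream(subkey(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or damaged record")
    ks = keystream(subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class BackupSet:
    def __init__(self):
        self.tape = {}  # stands in for the backup medium; never rewritten
        self.keys = {}  # small, erasable key store kept off the tape

    def backup(self, name: str, data: bytes) -> None:
        key = bytearray(secrets.token_bytes(32))  # one key per record
        self.keys[name] = key
        self.tape[name] = seal(bytes(key), data)

    def restore(self, name: str) -> bytes:
        # Raises KeyError once the record's key has been destroyed.
        return unseal(bytes(self.keys[name]), self.tape[name])

    def secure_delete(self, name: str) -> None:
        # Deleting means destroying the key; the ciphertext stays on the tape.
        key = self.keys.pop(name)
        key[:] = bytes(len(key))  # best-effort overwrite of the stored key
```

The deletion is only as good as the key store: any surviving copy of a record's key, including one on another backup, keeps that record readable.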