[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What's really in PGP 5.5?




-----BEGIN PGP SIGNED MESSAGE-----

At 03:26 AM 10/8/97 -0400, Anonymous wrote:

>>This downside is particularly insidious for a number of
>>reasons. First, without fixing that problem, strong cryptography will
>>be in some sort of limbo. You want to use it to protect your valuable
>>information, but you won't want to use it for any information that's
>>*too* valuable, because it's easily lost. Crypto-protected
>>information is fragile, and this fragility could hurt its widespread
>>deployment.
>
>What you call "fragility" is properly called "security".  Would you
>describe 128-bit keys as more "fragile" than 40-bit keys?  Why is PGP,
>Inc. inventing propaganda terms for the authorities?

Okay, call it security but the point is, if you're protecting documents vital 
to your company using encryption (say the design of a new product) and the 
person who knows the passphrase dies, you've just lost a great deal of money.

PGP for Business Security gives the business a way to have a backup key that 
can read that person's information.  Frankly, it might not be able to read 
anybody elses, from the description given.

This is a feature that any business (that understands encryption) will want.

They can easily store the secret keys of the other id someplace secure, and 
never retrieve them until someone dies.  Disavow knowledge of them to 
government, etc.  heck, the keys can even be in the primary person's 
posession.   (Perhaps stored in a safe-deposit box, or without a passphrase, 
etc.)

>>Data recovery is useful for a number of things. Perhaps you lost your
>>passphrase. Or data might have been encrypted by an employee or co
>>worker who was in an accident. (As an aside, fifteen years ago, the
>>architect of a product I worked on was in a severe car wreck. He was
>>not killed, but suffered brain damage and has never returned to
>>work.) Your spouse might need access to financial records. Everyone,
>>be they an individual, business, or coporation has a right to having
>>their data protected, and protection not only means being able to put
>>it into a safe, but getting it out of that safe later.
>
>It is fascinating to me that every example you use does not involve
>decrypting transmitted messages.  Yet, that is the feature which is
>under discussion.

Amazingly, he gave an example where, had encryption been used, the project 
would have stopped, and restarted because the person with the keys was 
incapacitated.  Are you just being combative here?

>The demand for the ability to decrypt encrypted messages in the
>corporate environment can easily be measured with this test: how many
>companies have a policy that requires employees to record all outgoing
>mail?

Well, any company giving stock advice (and governed by SEC rules on stock 
tips, etc.) is already require to have all outgoing mail approved (e-mail and 
snail), so does it matter if they record it or not?


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNDuE6Tc3ytqHnNyNAQFzTQP/cLBt7fwDLXHyVecvoB3U1y0aRNXA22IH
Eceiuc4itfZjRG4mwokIzrTnhIUeEqF5BommDqDwdXxg/re1JMYETj4v9apD47Lt
nIFVc+mNvKVDQOLtp9cETgepm76IqgHUWZgQxKkgTFtANM5IxXn8IkI51ATd2A3E
hj4npnS3bYQ=
=0Ib2
-----END PGP SIGNATURE-----


-----------------------------------------------------------------------
Ryan Anderson - <Pug Majere>     "Who knows, even the horse might sing" 
Wayne State University - CULMA   "May you live in interesting times.."
[email protected]         
PGP Fingerprint - 7E 8E C6 54 96 AC D9 57  E4 F8 AE 9C 10 7E 78 C9
-----------------------------------------------------------------------