[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What's really in PGP 5.5?





[cryptography snipped, Perry's killed the thread]

Jon Callas <[email protected]> writes:
> At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote:
>    Jon Calis wrote:
>    If this is true (and I have no reason to believe it isn't), then
>    why is the key escrow code written (although not turned on) in
>    the source code for 5.0 that was posted internationally from PGP?
> 
> Bruce, I understand that you don't like any form of data recovery,
> but there is no key escrow in PGP. Perhaps we should talk about this
> on the phone.

Oooh.  PGP Inc damage control mode on <clunk>!

We all would like to hear the reason too, Jon :-)

>    Makes no sense.

Here are a couple of reasonably plausible ones:

- common source tree with #ifdefs for different products

- some functionality required even in non business version to inform
  user about policy flag meanings

btw I didn't read the source code quoted so that second attempt at a
plausible reason might be a dud.

btw2: it isn't just Bruce that doesn't like key escrow.
btw3: your definition of "data recovery" is wrong.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`