[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CAK as a really bad form of corporate networking
At 10:28 AM -0700 10/10/97, Tim May wrote:
>As Adam Back and others have noted, if Alice stores her Eudora or whatever
>e-mail files on her systems, presumably in plaintext (as the purpose of
>encrypting with Bob is for _in-transit_ security, not storage security),
>then the corporation can insist that she make her plaintext files
>archivable on the company's backup system.
I should add that Alice may have encrypted files on her local hard disk.
Nothing in PGP for Business, as I understand it, stops Alice from storing
files without also encrypting to Cakbert's key. That is, Alice can store
encrypted files to her heart's content.
(If in fact PGP for Business even requires a corporate encryption for
stored files, then I missed this in the description. My apologies.
Actually, to close this glaring loophole, I would expect PGP for Business
to insist on a corporate key being used even for private files. Of course,
without communicating those files to the corporate data center, all Alice
has to do is corrupt the stored file a little, or delete it, and she's back
to encrypting in ways only she can use.)
A tree chart is really needed to see where PGP for Business works and where
it doesn't work.
The charting of the permulations, of who encrypts, who keeps the plaintext
versions around, etc. is complicated, but instructive to do. (Does Alice
encryp to Bob? Does Alice store the plaintext or leave things encrypted?
Does Alice make her local disk archivable by corporate backup systems? Etc.)
My conclusion is that PGP for Business does very little for real corporate
access in "hit by a truck" situations, as most of these critical files
(fill in the blanks, but think of chip design files, source code for
programs, lab notebooks, etc.) are simply NOT ever e-mailed. And if they
are e-mailed, this is completely a tertiary issue.
To put it simply, if Joe the Programmer is hit by a truck, reconstruction
of his project files will come almost entirely from what he has on his hard
disk, on backups he or the company made, on his papers, etc. Almost none of
it will come from the e-mail he sent to others. And, in any case, his
recipients presumably have copies of the e-mail he sent them. Maybe they
don't, but if this is a function of PGP for Business, then it says that
file archiving is really one of the main functions. Which is possible, but
there are better ways to archives records!
If a company is worried that an employee will forget his passphrases, or be
hit by a truck, or leave on bad terms, or whatever, then the obvious
solution is to have him carefully make a backup of his passphrases and
secret keys and place them in a safe and accessible place, e.g., in the
safe of the company attorney. This is what all prudent persons do with
their keys, right?
Such precautions are standard for crypto work, and have nothing to do with
what PGP for Business is apparently doing.
Further, I would argue that PGP for Business gives a false sense of
security. What real use is access to some bullshit e-mail if the prudent
steps outlined above have been ignored?
We know that the push for GAK is for access to _communications_ keys. We
know that Alice and Bob have no need to GAK their _communications_. The
real customer for GAK is an eavesdropper, not Alice or Bob.
So who is the real customer for PGP for Business and its form of plaintext
recovery?
--Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^2,976,221 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."