Re: What's really in PGP 5.5?

[Vipul Ved Prakash <vipul@best.com>]

Kent Crispin wrote:

> Perhaps he has no business having a personal key on a company machine. 
> He's a fool if he does, anyway -- if the company wanted to snoop his
> key they just go in after hours, install a keyboard sniffer, and grab
> his passphrase...the bottom line is, Ray, that if it is on a corporate
> machine, the corporation has access, whether the employee thinks so or
> not. 

this entirely depends on the specific protocol followed by the 
corporation and the employee. its not unethical for the corporation
to have access to the employee's _work_ key and data encrypted
with the key if they mutually decide it that way. The employee 
can always use a different crypto system for his personal data. 
and its not unethical for a firm to sell a key-escrow product. 
enforcing the use of key escrow is. 

vipul

-- 
Powell lingered. "How's Earth?" 
It was a conventional enough question and Muller gave the 
conventional answer, "Still spinning."
				      -- "Reason", Asimov. 
==================================================================
Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@best.com 	                  | - Web Objects 
91 11 2233328                     | - PERL Development 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - Networked Virtual Spaces