Re: Just say "No" to key recovery concerns...keep OpenPGP pure
On Wed, 15 Oct 1997, Adam Back wrote:
>
> Lucky Green <[email protected]> writes:
>
> > [Sidetrack: which is of course why PGP had to find another solution to
> > present to those customers already using GAK. IMHO, and I can't help but
> > be a bit surprised that I find myself in the minority on this
> > issue, at least as far as the list is concerned. What PGP did was
> > _elegant_.]
>
> Wow, Lucky! I usually consider you to be spot on most such things, but
> I think you failed to hit the bulls-eye there; in fact I think you
> missed the dartboard entirely!
So I am told. Which is surprising to me, since usually I am told that
I am too "paranoid" and "uncompromising".
> I thought it was you who was pointing out earlier the fallacy induced
> by the key escrow meme (escrowing transient communications keys with
> governments or companies to recover data stored on frigging disks!)
> (Actually you applied it just to governments but the argument extends
> to companies perfectly).
I can't help but see a difference between enforcing to encrypt to a
default key and storing the user's key outright. IMHO, the former entails
less potential for abuse.
> (Notice Bruce Schneier's forward of a case of a GAKker already
> starting to crow about the demonstration of GAKware feasibility in
> PGP).
>
> There are plenty of less GAK compliant things you can do than what
> they are doing. The anti-GAK design principles help to clarify
> thought in designing a full spectrum from mildly GAK resistant through
> to rabidly GAK-hostile. I would hope that PGP (and you lot at C2Net)
> will crank the setting up to mad dog rabid anti GAK mode with nested
> obfuscated interpreters interpreting each other interpreting
> instruction sequences to recover keys. And busting your butts to make
> your systems ergonomic and slick to the extent that the competitors'
> GAKware products look like dried up turds in comparison. Deployment
> being probably the most important anti-GAK principle of all!
Amen to the latter. I honestly don't see what PGP could have done better
and still achieved deployment in companies that keep copies of all
employees' keys *today*. And yes, I think what PGP is doing is
better than keeping copies of the keys of all employees. Anyway, I now
have access to the entire PGP 5.5 system and will subject it to thorough
analysis. Methinks many people are currently rendering opinions on a design
they haven't even seen yet.
Certainly, the part of PGP's SMTP agent that prevents you from screwing
up by accidentally sending sensitive email unencrypted stands a good chance
of being installed at my site. [Can we all agree that this is a useful
feature]? More than once, I failed to encrypt an email that I meant to
encrypt.
As for C2 and GAK: as Lucky Green, I speak _only_ for myself. And I can
therefore say that if my employer was to implement GAK, I would quit the
day I found out about it. It isn't going to happen.
-- Lucky Green <[email protected]> PGP encrypted email preferred.
"Tonga? Where the hell is Tonga? They have Cypherpunks there?"