
Re: PGP, Inc.--What were they thinking?

Tim May <[email protected]> writes:
> Declan writes:
> >[...]all Rep. Solomon etc. have to do is wave around a
> >shrinkwrapped copy of PGP and say: "I bought this for $19 at the Egghead
> >shop at 21st and L." Details will be lost in the fearmongering.
> 
> Yep, they're already doing this. This was reported a week or so ago,
> somewhere here in Cypherpunks.

Another interesting thing was that the French picked up on it too --
very interesting for them because they are just switching from
crypto-ban to mandatory GAK.  I suspect if PGP Inc could get an export
license they would buy in to it heavily.

(Fabrice Planchon <[email protected]> and Jean-Francois Avon
kindly translated a French document on the web "pgp toes the line" or
something like that I think was the consensus they arrived at on
correct translation of the title of the document).

The indirect other danger is that in going the CMR route, PGP Inc may
be standards setters either through the OpenPGP standard, or outside
of it (in a similar way to the way Netscape extensions are supported
by many vendors long before they are part of HTML 3.x or whatever).

If CMR becomes the standard, this greatly simplifies the task of TIS,
or TIS Europe, or anyone else in building a much more GAK friendly
product which can interoperate with OpenPGP.  I think I saw a tis.com
address on ietf-open-pgp discussions list and wouldn't be surprised if
they are busy building TIS OpenPGP compliant GAKware right now.

A second indirect danger is that by taking this approach PGP Inc
damages itself by isolating itself from the large cypherpunk and
pro-privacy community, and that an even less friendly crypto email
standard wins by default.  How much protection do we have in S/MIME
vendors?  We were relying on PGP Inc to set the pro-privacy, anti-GAK
line, and then we all would have been behind them in pushing the
OpenPGP standard ahead of other standards because of its GAK
resistance.

As it is, various cypherpunks are scrambling trying to keep the OpenPGP
standard a CMR-free zone, at least as a temporary measure for this
version of the standard.


As to what PGP Inc were thinking, I'm not sure I understand what they
were thinking ...

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`