Re: PGP Employee on MKR

[mark@unicorn.com]

shamrock@cypherpunks.to wrote:

> OK, I must be missing something. How can it be more evil if the email
> isn't automatically sent to the owner of the MK key than if the email is
> automatically cd'ed?

Uh, don't understand the question. The issue is that it's being encrypted
to multiple keys for one recipient.

> Agreed. And so did PGP 2.x and any version of PGP that allows for
> encryption to multiple keys. Anybody can take the 2.6 source and hardcode
> in a second recipient key.

But, for the fifth or sixth time, _that isn't being shipped as standard 
by PGP_. 

> I read the recently  proposed alternatives
> and fail to see how they would prevent GMR any more than PGP's solution.
> All I saw were convoluted and frequently hasty designs, many of which
> lend themselves even more to GAK then what PGP did.

Really? I seem to recall Jon Callas saying my system 'redesigned CMR' 
but was simpler than theirs. The mere fact that CMR requires an enforcer 
implies that it's a convoluted and hasty design. 

> Once, (as many of you know IMHO it is a "once", not an "if")  GAK becomes
> mandatory, it can be implemented with 2.6 just a easy as
> with 5.5.

But it can't; for a start 2.6-based GAK won't interoperate with 
international versions the way that CMR will. Cutting the US off from
encrypted mail from the rest of the world would probably not go down
too well.

Lucky, one question: wouldn't you be complaining if Netscape or Microsoft
were shipping a system which enforced encryption to snooping keys? Why should 
we feel any differently about PGP?

    Mark