[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP, Inc.--What were they thinking?




On Fri, 24 Oct 1997, Adam Back wrote:
> 
> If this is the case, I reckon it's still better to just escrow their
> comms keys locally.  Put them all in the company safe, whatever.  To
> go with this kind of a company with this kind of policy, I would
> presume that sending or receiving super-encrypted messages would would
> be a sackable offense.

Adam,
How does your system prevent the employer  from fabricating forged
signatures in a PK system that uses the same key for signing and
decrypting? And if you don't use such a system, then how do you deal with
future versions of the software that will allow the user to swap DH keys
from underneath the ElGamal keys?

Thanks,

-- Lucky Green <[email protected]> PGP encrypted email preferred.
   "Tonga? Where the hell is Tonga? They have Cypherpunks there?"