ietf-openpgp

Re: anti-GAK design principles: worked example #1

1997-10-16 00:21:28

Gene Hoffman <hoffmang(_at_)pgp(_dot_)com> writes:
On Wed, 15 Oct 1997, Adam Back wrote:


- store a copy of the private half of the user's PGP encryption key
  encrypted to the company data recovery key on the user's disk.


You would rather have PGP implement private key escrow?

Yes.  

This is less GAK friendly than the way that PGP are implementing CMR.

In worked example #2 and I might do a #3 as well, I will as promised
show you how to apply the design principles to achieve greater
GAK-hostility than example #1, which you objected to above.

However, in the meantime, I would like you and other PGPers to
re-read my post and answer the questions contained in it:

- can you see ways that this could be perverted to implement GAK
  (yes I can too, btw, but...)
- are those ways logistically harder for GAKkers to achieve than for CMR

You appear to claim that your answer to the second question is no.

I would like to see you explain your reasoning for why this is so.

You may find it constructive to re-read some of Tim May's recent posts
as he explains the logic of this fairly clearly.  Tim May does not
need the anti-GAK design principles to think in a critical
GAK-hostile way.

PGP Inc does appear to need them because their design principles are
currently at best GAK-neutral, and appear to be largely based on
wooly, ill thought-out pro-privacy / liberal thinking.

You have to think in a crypto-anarchist, saboteur mindset to maximise
your ability to prevent mandatory GAK becoming reality.  The anti-GAK
design principles are a codification of the crypto-anarchist GAK
saboteur's natural predilections to want to prevent the GAKkers.

I have in waiting some other design principles which codify more
general crypto-anarchist design principles.  I will not be adding
these to the anti-GAK design principles at this stage for fear of
confusing the first issue: how to best prevent GAK occurring in our and
other countries.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`