I think also that pgp5.5 for personal use probably knows how to reply
to a CMR key also.
I'm not clear on this last one, but it may even be that a pgp5.0
implementation knows how to reply to a CMR key also.
Source code is available, or am sure pgp will answer.
However if Alice is using a key with CMR then the user using a client
which understands CMR keys will present the user with a choice:
Could. Sender would also have to have/be able to get the CMR key as it is
essentially an additional recipient.
Do you want to allow the CMR key holder to be able read the message as
well as Alice?
Well if the policy enforcemnt says it must, then to send to Alice, you must.
Some CMR keys will be marked to state that if the CMR key holder does
not use the application to say he wants to allow the CMR key holder to
read the information, that the message will not reach Alice, because a
CMR policy enforcer will bounce it back.
Correct: *but* in the event of a bounce, no one else can read the message
so privacy is maintained. Referring to the CIA triangle, confidentiality and
integrity have been maintained, it is availablity that has failed.
In addition it is acknowledged that this is a weak enforcement in that
it is relatively easy to create messages which will fool the CMR
enforcement agent, which will still be decryptable by Alice.
That goes without saying: unless the policy server contains the CMR private
key (which will not happen unless someone is completely clueless) it will
be unable to do more than verify that something which appears to be the
CMR header exists in the file. Such an appendage would be trivial to add.
If the server could do more, THEN I would be concerned.
Warmly,
Padgett