ietf-openpgp

Re: Is PGP still private?

1997-10-19 08:13:50
However if Alice is using a key with CMR then the user using a client
which understands CMR keys will present the user with a choice:

Could. Sender would also have to have/be able to get the CMR key as it is 
essentially an additional recipient.

<The software will attempt to fetch the CMR key, if it is unable to do
<this it will say so.  (I think).

Well with the net servers, this would certainly be possible *but* the sender's
client software would have to know to add the CMR. Would be highly surprised
if server could do that since both server and sender's client software would 
have to cooperate. Day PGP does that without providing user notification will
be day it starts to go out of business.

<For example if it were installed in tinpotdictatorsville the
<enforcement could result in the user having a "choice" not to
<communicate with anyone at all.  Availability would be 0%.

If living in tinpotdictatorville, you have a much more serious problem. This
is getting a bit far-fetched anyway. In this case people will simply
not send anything incriminating electronically (were a lot of other options
before the Internet).

<Even if you believe that PGP Inc will never get an export license to
<tinpotdictatorsville, there will be other companies implementing to
<the OpenPGP standard in countries with freer export regulations.
<These people if they choose to implement to the OpenPGP standard, will
<be forced to implement the CMR feature too, otherwise the software
<will not interoperate.

This is absurd. Now you are blaming PGP for what some other company
*might* do? Balderdash. CMR will be an option, not a requirement. And not
a hidden one.

<Steganography, or other low bandwidth subliminal channels would work,
<but such techniques are advanced, and PGP Inc are not making similar
<scale efforts to develop and deploy these.

Of course not. You do not need software to create a book code (though it helps).

<Also if Padgett is using pgp5.5 himself, and he attempts to send a
<mail to someone living in tinpotdictatorsville, his client will
<cooperate with the dictator's wishes.

You are saying that it would be better not to send at all? Would just use 
cleartext and some other method of communicating. If it is illegal to use,
just will not use PGP or will leave TPDV off my CC list. "Implement option B"
is not something that necessarily needs encryption. PGP makes things *easier*
not renders the impossible possible.

                                        Warmly,
                                                Padgett