Re: Just say NO to key escrow or CMR/ARR revisited

1997-11-05 07:23:31

In <346072BB(_dot_)80BAD889(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk>, on 11/05/97 
   at 08:20 AM, Ian Brown <I(_dot_)Brown(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk> 

Plain and simple with or without CMR if the government is going to pass
laws requiring that all messages be encrypted with a government key then
you are f**ked, plain and simple. CMR is not required for them to do it,
plain old PGP 2.6 will work just as well. If they are going to start
passing draconian laws in regards to encryption nothing done here will be
of any importance as they will outlaw anything that does not conform
(voluntary GAK will never work and they know it).

The WHOLE POINT is that we don't want to make it any easier for any
government to impose such laws. If CMR becomes widespread, it is very
easy for a government to pass a law saying "This GMR key must be used as
a recipient on all messages". If everyone is using CMR already, few
people will see this as particularly controversial. 

Oh please, this is just more bad logic on top of bad logic.

Having a CMR flag in some public keys does not mean that everyone is using
CMR let alone support your position that this somehow conditions the
public to support GMR.

You have failed to show that having a CMR flag leads to everyone using CMR
which leads to the government mandating GMR which leads to everyone
accepting GMR. The only leg you have to stand on is the fearmongering that
the government somehow someway might in the future pass some law to abuse
CMR. My point is that if they are going down this route they don't need
CMR to do it and CMR does not in any significant way aid them in this

Even worse, it allows
governments to force such schemes on other countries without such laws.
If the US passed such a law, all US citizens' keys would have an ARR for
the GMR key. So if someone living in a country with more sensible
legislation sent the US citizen a message, it would still be snoopable by
the NSA. Is this what you want?

Well, you are missing a step or two here:

1st everyone overseas must be using CMR.
2nd that software must force the user to encrypt to the GMR key.

Debating what should or should not be in the Open-PGP specs based on what
law some government may or may not pass in the future does not have a
place here.

Au contraire. The overall aim of this exercise is (at least, I used to
think) to improve everyone's privacy and prevent Big Brother taking over.

No that is not the purpose of this group. The purpose of this group is to
provide a strong message encryption standard. Debate on the technical
merits of any part of the spec is warranted, political fearmongering is

To quote Phil Zimmermann:

"It's poor civic hygiene to install technologies that may someday
facilitate a police state."

[Source: Bruce Schneier]

Let's see here, you take a quote of a quote from a competitor of PGP Inc.
as a factual statement and the basis of support for your position. Sorry
you will have to do better than that.

I would say a central principle of Open PGP design should be that we do
not do this.

Well I will wait until the official draft is made available and then make
my judgement on the technical merits of the proposal. The political
fearmongering can be left for other lists.

-- 
---------------------------------------------------------------
William H. Geiger III
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at:
---------------------------------------------------------------