-----BEGIN PGP SIGNED MESSAGE-----
IMO, Phil/PGP should simply present the standard to IETF for
review, make any modifications, resubmit and so on a couple more
times and present a finished product.
This group simply illustrates to me the fundamental rule that to
really screw things up requires a committee. Though W. Geiger,
Jon and a couple others are signalling quite well, others have
an enhanced noise level which seems to be subverting any
progress while others (i.e. RSA) manage to get their PR licks in
on other fronts. (Wonder if any posters are RSA stooges ...?)
On Wednesday, November 05, 1997 7:54 AM, William H. Geiger III
[SMTP:whgiii(_at_)invweb(_dot_)net] wrote:
-----BEGIN PGP SIGNED MESSAGE-----
In <346040BE(_dot_)CC04D7C0(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk>, on 11/05/97
at 04:47 AM, Ian Brown <I(_dot_)Brown(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk>
said:
-----BEGIN PGP SIGNED MESSAGE-----
A completely bogus crux. In *both cases* we are talking
about
encrypted email. Therefore, in both cases we are talking
about
data
sent across an insecure network. Therefore, in both cases
the
FBI has
access to the ciphertext. In either case, data that
doesn't get
sent
across an insecure network is not the issue.
Forward secrecy in email is an orthogonal issue to CMR/key
escrow.
Forward secrecy in email is orthogonal to this post.
In a CMR scheme, with a mandated government recipient, the
ciphertext is
sent across an insecure network. There it can be intercepted
and
read by
any interested TLA.
In an escrow scheme - with escrow of either decryption keys
or
ciphertext
encrypted to a company/FBI key *inside an organisation* -
ciphertext *outside* the organisation is not encrypted to
anyone
except
the recipient. It can be intercepted but not read.
You are not making any sense here. CMR doesn't
automatically
give
keys to anyone.
No, I didn't say that. With a mandated government recipient,
no
keys need
to be handed over. The ciphertext can be read as is.
This argument against CMR is getting old and is as flawed as
when it
was
first brought up. :(
Plain and simple with or without CMR if the government is
going to
pass
laws requiring that all messages be encrypted with a
government key
then
you are f**ked, plain and simple. CMR is not required for them
to do
it,
plain old PGP 2.6 will work just as well. If they are going to
start
passing draconian laws in regards to encryption nothing done
here
will be
of any importance as they will outlaw anything that does not
conform
(volentary GAK will never work and they know it).
Debating what should or should not be in the Open-PGP specs
based on
what
law some government may or may not pass in the future does not
have
a
place here. I propose that the FBI/CIA/NSA ...et al will get
laws
passed
banning the use of all crypto therefore we should drop
everything
pack our
bags and go on home.
- --
- -------------------------------------------------------------
- --
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at:
http://users.invweb.net/~whgiii/pgpmr2.html
- -------------------------------------------------------------
- --
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNGBvYY9Co1n+aLhhAQHCOQP+MP2lwXtizpaPcg2N5nxMx8qO4WvjILIR
LOS28FasDwTkT3dkgSUYP971m6BcwsdUmWr13P7aKDMb7E6UUC3rC9ax24qzeCFf
obadn0TrqWiCw9/VfKR9FvuxhxeYUF+KkiTE5JybVh1P4GQTyJXNmWtmLyBI/L
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNGCGiw/p7jvmPnflAQEtBgf/WzRfVMSAQZ/lh4r0XI1n1UpFDU/iJIck
98KNECbRthWGXECVEzHHJsXappLXA2fp8PdW7Fz79JJfZxt93p4dTmMvzITbyerU
M/SE/JCeVDm70fgIt2iKT9zuC8c/qzNjvoc5NX3ie/AzIDP09KOCGU0CKYaO+Ne5
UH/eumUt4uRyKYhgoSCdJaw+vP5vpTvhtzyffbroWJTEWp366DAPkfuyCpF7maof
OQ+D/bTl/a9nd9PMIAKLVrMVt/1jqiIYNmg/9i4y/cCdkRPJ/6dFzdtA7pwQA1S9
TZUlVmIQiCLRCuoupzJmhwamq+0PqZfd5UEhpW4YXBqCNPdWotAtEA==
=DarX
-----END PGP SIGNATURE-----