William H. Geiger III [whgiii(_at_)invweb(_dot_)net] wrote:
well you are missing a step or two here:
1st everyone overseas must be using CMR.
2nd that software must force the user to encrypt to the GMR key.
This is precisely the point we're making. If CMR goes into the Open
PGP spec then this will happen *automatically* with any compliant
application which receives a GMR key from abroad.
I have no great problem with defining the neccesary flags and tags
as 'implementation defined' so that non-CMR applications won't barf
when they see them, but I certainly do not want to have to build
snoopware into my applications in order to comply with the standard.
The purpose of this group is to
provide a strong message encryption standard.
Good; so let's create that standard and leave snoopware, message
recovery and key escrow to individual implementors.
Mark