[Top] [All Lists]

Re: Just say NO to key escrow or CMR/ARR revisited

1997-11-05 09:04:41
William H. Geiger III [whgiii(_at_)invweb(_dot_)net] wrote:

well you are missing a step or two here:
1st everyone overseas must be using CMR.
2nd that software must force the user to encrypt to the GMR key.

This is precisely the point we're making. If CMR goes into the Open
PGP spec then this will happen *automatically* with any compliant
application which receives a GMR key from abroad. 

I have no great problem with defining the neccesary flags and tags 
as 'implementation defined' so that non-CMR applications won't barf 
when they see them, but I certainly do not want to have to build 
snoopware into my applications in order to comply with the standard.

The purpose of this group is to
provide a strong message encryption standard. 

Good; so let's create that standard and leave snoopware, message 
recovery and key escrow to individual implementors.