[Top] [All Lists]

Re: Just say NO to key escrow or CMR/ARR revisited

1997-11-05 13:24:58
At 08:04 AM 11/5/97 -0800, mark(_at_)unicorn(_dot_)com wrote:
   This is precisely the point we're making. If CMR goes into the Open
   PGP spec then this will happen *automatically* with any compliant
   application which receives a GMR key from abroad. 
How do you know?

From my very first post on the subject to the OP list on CMR, I said that I
opposed what you're suggesting above. If CMR were mandatory, PGP products
would not comply, because it isn't mandatory in any PGP product.

   I have no great problem with defining the neccesary flags and tags 
   as 'implementation defined' so that non-CMR applications won't barf 
   when they see them, but I certainly do not want to have to build 
   snoopware into my applications in order to comply with the standard.

This is *PRECISELY* what my original suggestion was. I think this is why
some people talk about "fear mongering." No one has ever suggested anything
by just defining the tags, and leaving treatment up to the application,
except the fear mongers.


Jon Callas                                  jon(_at_)pgp(_dot_)com
Chief Scientist                             555 Twin Dolphin Drive
Pretty Good Privacy, Inc.                   Suite 570
(415) 596-1960                              Redwood Shores, CA 94065
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
              665B 797F 37D1 C240 53AC 6D87 3A60 4628           (RSA)

<Prev in Thread] Current Thread [Next in Thread>