ietf-openpgp

Re: Just say NO to key escrow or CMR/ARR revisited

1997-11-05 15:34:34
At 13:25 -0700 on 11/5/97, Jon Callas wrote:
> At 08:04 AM 11/5/97 -0800, mark(_at_)unicorn(_dot_)com wrote:
>> I have no great problem with defining the necessary flags and tags
>> as 'implementation defined' so that non-CMR applications won't barf
>> when they see them, but I certainly do not want to have to build
>> snoopware into my applications in order to comply with the standard.
>
> This is *PRECISELY* what my original suggestion was. I think this is why
> some people talk about "fear mongering." No one has ever suggested anything
> by just defining the tags, and leaving treatment up to the application,
> except the fear mongers.



It is not fear-mongering to request that the tags not even be defined
because they unnecessarily weaken the security of the standard.

Please, let's not place hooks that can easily be abused to require
encryption to 3rd party keys into the standard.  Enforcement of such
requirements by software such as PGP's SMTP agent is an all too real
possibility (er, that exists already, doesn't it?).

Also, use of "recovery" keys to which a large amount of traffic is
encrypted merely provides a high value key as a target for attack, by any
adversary, government or not.

Instead, let's leave message recovery up to the implementors of individual
applications, as an added feature not part of the official open-pgp
standard.  Those who sell into markets where such features are desired can
add them.  The rest of the world will not have to be forced to go along.


Richard


