[2086] in cryptography@c2.net mail archive

Re: statement of intent, security of CMR (Re: GAK and S/MIME)

daemon@ATHENA.MIT.EDU (Lutz Donnerhacke)
Wed Jan 28 15:50:20 1998

To: cryptography@c2.net
From: lutz@taranis.iks-jena.de (Lutz Donnerhacke)
Date: 28 Jan 1998 10:29:07 GMT

* Andreas Bogk wrote:
>After all, the government could force manufacturers of MUAs with PGP
>support to automatically include an additional recipient. This even
>works with PGP 2.x. So CMR doesn't make access to communications any
>easier.

No. (Third try to describe the scenario for you... :-/)

Widespread PGP5 versions automatically encrypt also to the additional key on
replies. So a small amount of users with CMR compromise the secret
communication of a lot of other people. A government can not introduce your
scheme, if it is not easy to handle. So if PGP5 with CMR is widely used, they
can introduce such a requirement. They may even ship a special tool to add
the regional governmental key to all your public keys (because you have
nothing to hide and not your own mail -only answers- can be read by them).
Some years later they will publish a study claiming that criminals still use
software without CMR, but everybody else does. So they urge the ISPs to
install a policy enforcer and block all unescrowed communication.

This is only possible, if the majority of users must not change something on
their software. Deployment wins.

If you are able to install your modified PGP2.x & Mailer on most computers
(urge the users to switch to another software/usage), you can achieve the
same goal. But this is impossible.

The CMR approach works much better. You can't read the interesting mails
at the beginning, but ... some years later... nobody will notice the loss of
his privacy.

>I consider corporate key escrow to be damn close to government key
>escrow.

So distinguish between Storage and Communication. The problem disappears.

>A program which doesn't offer a choice, and doesn't explain to the
>user the result of using the feature should be considered insecure. I
>don't think that a dialog box asking the user if he wishes to make the
>message readable to the following additional recipients is hard to
>understand.
>
>Of course, by that definition PGP 5.0 is not secure. Too bad their
>copyright prevents anyone from distributing derivative work.

OpenPGP solves this problem. There are clear statements in my draft. The
reference implementation and formal specification will deal with this problem.
  ftp://ftp.iks-jena.de/pub/mitarb/lutz/crypt/software/pgp/OpenPGP/

>And you can turn every scheme into government suppression.

No. You need deployment first.

Andreas... why don't you try to understand this?
