[1698] in cryptography@c2.net mail archive

Are we all looking at the same PGP 5.5 ?

daemon@ATHENA.MIT.EDU (John R Levine)
Mon Oct 6 12:19:46 1997

Date: Mon, 6 Oct 1997 11:41:37 -0400 (EDT)
From: John R Levine <johnl@iecc.com>
To: cryptography@c2.net
In-Reply-To: <v03007807b05e48a444c5@[198.115.179.81]>

> 	GAK-enabled PGP, plain and simple!

I took a look at PGP's press releases, and what I found was a system
that lets management implement and enforce encryption policy for
e-mail and stored files.  One can implement rules that, for example,
require that mail to or from certain IP ranges or DNS domains be
encrypted or digitally signed.  The "corporate message recovery"
presumably means that you can set it up so that certain classes of
outgoing mail use the corporate recipient key as well as the nominal
recipient key(s) so the company can see what the message says.

Mail is still sent with boring old unencrypted SMTP.  (It kind of has
to, if you expect anyone to be able to receive it.)  There are no
session keys to escrow even if someone wanted to do so.

I personally don't have much use for a product like this, but I can't
see that it's any different in concept from any other corporate key
system.  It's intended to avoid situations where an employee drops
dead or quits, and company files he created become unreadable, or to
enforce more or less intrusive company rules about use of company
resources.

GAK is a real threat.  Let's not be distracted by side issues.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4  2D AC 1E 9E A6 36 A3 47 

