[1700] in cryptography@c2.net mail archive

Re: Are we all looking at the same PGP 5.5 ?

daemon@ATHENA.MIT.EDU (Adam Back)
Mon Oct 6 18:42:10 1997

Date: Mon, 6 Oct 1997 18:31:50 +0100
From: Adam Back <aba@dcs.ex.ac.uk>
To: johnl@iecc.com
CC: cryptography@c2.net
In-reply-to: <Pine.BSI.3.91.971006113032.8449C-100000@ivan.iecc.com> (message
	from John R Levine on Mon, 6 Oct 1997 11:41:37 -0400 (EDT))


John R Levine <johnl@iecc.com> writes:
> I personally don't have much use for a product like this, but I can't
> see that it's any different in concept from any other corporate key
> system.  It's intended to avoid situations where an employee drops
> dead or quits, and company files he created become unreadable, 

I'm not sure there is anyone around who is mailing mission critical
information to someone else in email and simultaneously deleting the
copy on disk?

If the employee drops dead you read the disk, or if there are problems
with that recover it from backups.

This has zip to do with commercial or government access to keys.

> enforce more or less intrusive company rules about use of company
> resources.

That is what it is about.

> GAK is a real threat.  Let's not be distracted by side issues.

It's a very related issue.  If PGP Inc develops a GAK infrastructure
under the name "corporate key escrow", and then the government starts
to mandate use of such systems, then we may well have the situation
that key escrow is introduced via companies.

This is a historical precedent for this kind of thing: employee drug
screening.  The corporate is deputised to carry out functions law
enforcement would like to do but can't.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
