[1702] in cryptography@c2.net mail archive


Re: Are we all looking at the same PGP 5.5 ?

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Oct 6 19:05:28 1997

To: Adam Back <aba@dcs.ex.ac.uk>
Cc: johnl@iecc.com, cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 06 Oct 1997 18:52:44 -0400
In-Reply-To: Adam Back's message of Mon, 6 Oct 1997 18:31:50 +0100

Adam Back <aba@dcs.ex.ac.uk> writes:

>> I'm not sure there is anyone around who is mailing mission critical
>> information to someone else in email and simultaneously deleting the
>> copy on disk?
>> 
>> If the employee drops dead you read the disk, or if there are problems
>> with that recover it from backups.
>> 
>> This has zip to do with commercial or government access to keys.

What makes you think that all critical email is on disk in the clear?
I've done substantial design and review entirely in email, some of it
private, when the whole team doesn't need their mailboxes invaded.
It's entirely possible for myself and the only other person in some
critical loop to be in the same car and get killed (in Boston, it's
even more likely).  My company has an interest in making sure it can
recover our discussions.

Also, keep in mind that this only works because PGP generates
persistent messages.  (Question for those who know the product: is the
message also forwarded to some central location, or is recovering the
ciphertext also part of recovery here?  If the latter, then if you
send me a message, I delete it, and nobody was sniffing around, then
it's still a secret.)  For truly interactive sessions, there's no
place to store the data for later recovery.

>> It's a very related issue.  If PGP Inc develops a GAK infrastructure
>> under the name "corporate key escrow", and then the government starts
>> to mandate use of such systems, then we may well have the situation
>> that key escrow is introduced via companies.

The slippery slope issue is a real one, and I agree we need to discuss
it.  But claiming that corporate data recovery *itself* is unneeded is
ignoring the reality of the market.  Customers have asked for it, for
good reasons.  Perhaps the dangers are so great that providing the
feature is a bad idea.  I'm willing to be convinced, but I don't
accept this as a given.

		Marc
