[1704] in cryptography@c2.net mail archive


Re: Are we all looking at the same PGP 5.5 ?

daemon@ATHENA.MIT.EDU (Colin Plumb)
Tue Oct 7 11:45:21 1997

Date: Mon, 6 Oct 1997 20:46:01 -0600 (MDT)
From: Colin Plumb <colin@nyx.net>
To: cryptography@c2.net

Marc Horowitz said:
> The slippery slope issue is a real one, and I agree we need to discuss
> it.  But claiming that corporate data recovery *itself* is unneeded is
> ignoring the reality of the market.  Customers have asked for it, for
> good reasons.  Perhaps the dangers are so great that providing the
> feature is a bad idea.  I'm willing to be convinced, but I don't
> accept this as a given.

Actually, it would scare you what customers asked for.  There are people
using PGP now in a "I will generate your key and keep a copy" mode.
Not a very nice thing.  The "spare key" facility is to try to *reduce*
the need to have people share keys.

But yes, it's a delicate balancing act.  If anybody has any better
ideas on how to juggle the issues, it seems worth discussing.  You can
decide that someone else is making the moral decisions (e.g.  the
corporate security nazi who approves the PO) and you don't have to
worry about it.  You can decide that something is wrong, and not touch
it.  (It seems unlikely that someone else won't smell money and adopt
alternative No. 1, though.) Or you can try to set the best possible
example that people will actually follow.

The important point in what PGP 5.5 does is that it's visible and
optional.  It's intended for people who approve of the extra "door".
(Or, realistically, are sufficiently blase' not to feel inclined to
bother removing it.)

It's impressive how many people wish they could make it mandatory.
Arguments about superencryption don't seem to have any effect.  The
fact that it's a trivial post-processing step to remove or corrupt the
"spare key" (the session key encrypted to the additional recipient)
they seem to think is a flaw.

Sigh.  The SMTP proxy to enforce encrypted e-mail has obvious security
advantages.  (And yes, hotmail or other gateways provide workarounds.
For the purpose of catching mistakes, it suffices to watch the obvious
ways to make them.)

The "must be encrypted to key X" enforcement was too easy to add to
refuse, but the reason it was demanded so vociferously was rather
odd: there was serious paranoia about employees leaking secret info.
Setting aside the questions raised by the September 29 Dilbert, the
fact that most people just take paper or floppies out the front door
(or just talk) seems to not affect the paranoia.

It's tough when logic isn't enough.  I guess it's that same old
perception of risk thing that the FBI is suffering from, too.  New and
unfamiliar things are much more threatening than the old familiar
dangers, like driving.
-- 
	-Colin
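An added example (not Colin's, PGP's or the list's code) of the "must be
encrypted to key X" gate the post describes: it walks the packet headers
of an OpenPGP (RFC 2440 style) message, collects the 8-byte key IDs named
in the Public-Key Encrypted Session Key packets, and reports whether the
required "spare key" is among them.  The key IDs, the dummy RSA MPI and the
tag 9 payload are constructed sample values, not real PGP output.

```python
"""Gate an OpenPGP message on the presence of a PKESK for a required key ID.

Added example implementing the proxy check discussed above.  It only
inspects packet framing: version-3 PKESK packets (tag 1) carry the
recipient key ID in bytes 1..8 of their body.
"""
import struct

PKESK_TAG = 1
ENCRYPTED_DATA_TAG = 9
PK_ALGO_RSA = 1  # RSA (Encrypt or Sign) algorithm number from RFC 2440


def _read_header(data, pos):
    """Parse the packet header at data[pos]; return (tag, body_start, body_len)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:  # new-format header: tag in low 6 bits, variable length
        tag = ctb & 0x3F
        b1 = data[pos + 1]
        if b1 < 192:
            return tag, pos + 2, b1
        if b1 <= 223:
            return tag, pos + 3, ((b1 - 192) << 8) + data[pos + 2] + 192
        if b1 == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial-body lengths not supported in this example")
    tag = (ctb >> 2) & 0x0F  # old-format header: tag in bits 2..5
    ltype = ctb & 0x03
    if ltype == 3:
        raise ValueError("indeterminate length not supported in this example")
    nbytes = (1, 2, 4)[ltype]
    length = int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")
    return tag, pos + 1 + nbytes, length


def recipient_key_ids(message):
    """Return the set of key IDs (upper-case hex) named by PKESK packets."""
    ids = set()
    pos = 0
    while pos < len(message):
        tag, start, length = _read_header(message, pos)
        body = message[start:start + length]
        if tag == PKESK_TAG:
            if len(body) < 10 or body[0] != 3:
                raise ValueError("malformed PKESK packet")
            ids.add(body[1:9].hex().upper())
        pos = start + length
    return ids


def encrypted_to(message, required_key_id):
    """The proxy's gate: True only if a PKESK for required_key_id is present."""
    return required_key_id.upper() in recipient_key_ids(message)


# --- constructed sample packets (not real ciphertext) -----------------------
def make_pkesk(key_id_hex):
    """Version-3 PKESK with an old-format header and a dummy 16-bit RSA MPI."""
    mpi = bytes([0x00, 0x10]) + b"\xAB\xCD"  # constructed stand-in ciphertext
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([PK_ALGO_RSA]) + mpi
    return bytes([0x80 | (PKESK_TAG << 2) | 0, len(body)]) + body


def make_encrypted_data(payload):
    """Tag 9 (symmetrically encrypted data) with a new-format header."""
    return bytes([0xC0 | ENCRYPTED_DATA_TAG, len(payload)]) + payload


USER_KEY_ID = "0123456789ABCDEF"   # constructed: the human recipient's key
SPARE_KEY_ID = "FEDCBA9876543210"  # constructed: the corporate "spare key"
PAYLOAD = b"\x00" * 20             # constructed stand-in for the ciphertext

MESSAGE_WITH_SPARE = (make_pkesk(USER_KEY_ID) + make_pkesk(SPARE_KEY_ID)
                      + make_encrypted_data(PAYLOAD))
MESSAGE_WITHOUT_SPARE = make_pkesk(USER_KEY_ID) + make_encrypted_data(PAYLOAD)

if __name__ == "__main__":
    for name, msg in (("with spare", MESSAGE_WITH_SPARE),
                      ("without spare", MESSAGE_WITHOUT_SPARE)):
        print(name, sorted(recipient_key_ids(msg)),
              "accepted" if encrypted_to(msg, SPARE_KEY_ID) else "rejected")
```

The gate sees only which key IDs the PKESK headers name.  It cannot tell
whether the session key inside a packet actually decrypts under that key,
nor whether the payload was already encrypted before PGP saw it, which is
exactly the limit the superencryption argument in the post points at; the
check catches mistakes, not a determined sender.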
