[1741] in cryptography@c2.net mail archive
PGP GAK compliance discussions are on OpenPGP list
daemon@ATHENA.MIT.EDU (Adam Back)
Sat Oct 11 16:27:05 1997
Date: Sat, 11 Oct 1997 09:14:06 +0100
From: Adam Back <aba@dcs.ex.ac.uk>
To: cryptography@c2.net
[I'd appreciate it if you let this one through, Perry, as I consider
this an important point, and some of the high reputation crypo
consultant ex-cypherpunks subscribers are hanging out on your list,
and I would like their input, also the last article in the thread you
you did let through by accident was an out of context misunderstanding
of my point in my view.]
Just a short note to encourage those of you who are concerned about
PGP Inc's move to include GAK complaince to subscribe to the IETF
OpenPGP list by sending an email with body:
subscribe ietf-open-pgp
to <majordomo@imc.org>
A short summary of what the beef is in my view: On cypherpunks and
OpenPGP some of us have been arguing that PGP's method of implementing
a form of corporate message snooping results in GAK compliance in PGP
products. PGP is attempting to persuade the IETF to include this GAK
compliance feature into the now IETF controlled OpenPGP standard.
The argument against their method (and there are other methods which
can implement their perceived business requirement for message
snooping) are that by putting GAK compliance into the OpenPGP
standard, we will have lost major ground in the fight against the US
administration's attempt to institute mandatory GAK. Even if PGP is
sincere in their claim of never allowing use of their products for
mandatory GAK, there are competitors such as perhaps IBM, or TIS who
will be all too happy to implement the thus enabled OpenPGP compatible
mandatory GAK.
The opportunity to use the governments own strategy of enforcing
non-compliance to non-GAK products (as some of you will remember in
the Clipper IV software key escrow criteria of last year) in reverse
and make it non-compliant with the OpenPGP standard to implement GAK
is too good a monkey-wrenching opportunity for PGP Inc to throw away
lightly. I feel this point may have major significance in the
on-going fight against GAK.
Thanks for your attention,
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
