Fisher Mark <FisherM@exch1.indy.tce.com> writes:
Mark Grant <mark@unicorn.com> writes:
Yes, but PGP WANT TO BUILD THIS INTO EVERY SYSTEM THEY SELL!!!!! I don't care that any Perl hacker can write a script which builds CMR into PGP 2.6.2, because those scripts are restricted to those who wish to use them. PGP ARE BUILDING THE FUNCTIONALITY INTO EVERY PRODUCT THEY SELL!!!!
But the changes to add GAK/GMR/CMR to PGP (or any other crypto product that permits multiple recipients) are close to trivial. Don't be fooled into thinking that if PGP takes this "feature" out (can't be a bug -- it's documented :) that that will make it a lot harder to add that feature back in once the appropriate laws are passed.
Adding the feature clearly will be easy. But persuading the people using the non-CMR enabled software base to downgrade will be a big problem. I wonder how many people will still using old versions years later. There is a huge inertia to not upgrade that frequently. People don't like upgrading, companies don't like upgrading, it costs time, money, it's unwanted hassle. I'm guilty of this myself in some areas. `do fix what isn't broken'. Eg I'm using an ancient beta Xfree86, and hacking around the expiry simply because I can't be bothered to download and install the next version. At dcs.exeter the admins were _way_ behind. I had netscape2, and then 3 installed for myself and friends to use, while they were still trundling along with an antique NCSA Mosaic beta version or something. I had gcc-273 installed in my own filespace and they had gcc-258 or something (it matters if you're using templates.. the old ones are more broken).
Still, in retrospect, PGP's engineers and scientists should have thought about all the security implications of CMR -- they might have implemented CDR to begin with.
You would've thought, yes. Even from a security point of view, forgetting political arguments CDR is better. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`