
Bill Stewart <stewarts@ix.netcom.com> writes:
> At 02:38 AM 10/27/1997 -0800, mark@unicorn.com wrote:
> > Really? I seem to recall Jon Callas saying my system 'redesigned CMR' but was simpler than theirs. The mere fact that CMR requires an enforcer implies that it's a convoluted and hasty design.
>
> Not true - you can't implement CMR without a mail enforcer unless you can stop your employees from using non-CMR versions of PGP, which is nearly impossible. Even with an enforcer, of course, you can't stop the determined employee from double-encrypting and steganizing and otherwise getting their outbound bits past your enforcer or Pointy-Haired-Boss randomness,

If the corporate is serious about preventing encrypted messages leaving their net that they can't read, the simple solution is to disallow employees from using encryption -- have the enforcer encrypt it. Even if you were to use CMR, it is dumb, dumb, dumb, to allow the snoop key to remain after the message has passed the enforcer -- it should strip it off on the way out.

> but they could also carry a floppy disk out the door or beam infrared out the window from their Newton.

Attempting to compress the plaintext helps -- if it won't compress (much) you get suspicious. Pointy-Haired-Boss randomness always works -- compresses well and can encode anything.

> Similarly, on incoming mail, you can't stop people from sending your employees non-CMRed mail without an inbound-mail enforcer and can't stop your employees from reading it with their own warez.

Even with enforcer and CMR it's possible to get past it, super-encryption, garbage in CMRK second recipient field, and Pointy-Haired-Boss randomness. Simpler, safer, and more effective to just escrow the employees company use key -- that ensures there is only one recipient on the message passing over the internet.

> More importantly, though, PGP isn't a mail program, it's an encryptor, and if you're trying to stop people from sending encrypted mail back and forth, you've got to control the mail system as well as the encryptors,

So ultimately prevention largely falls back to controlling what software people are running inside the building -- no laptops in or out, no floppies in or out, no installing software, metal detector at door, body scan, the works.

Detection of sending encrypted mails is easier -- just try to decrypt everything and have all keys necessary escrowed. Anything which can't be read doesn't make it in; anything sent which can't be read results in a sacked employee.

Companies which aren't after this level of paranoia, but just want to be able to recover company business mails queued when employee is away -- fine have separate personal use keys attached to the same signature key.

Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
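
The compression check mentioned in the message above, sketched as an added example (not code from anyone in this thread): an enforcer-side filter that flags outbound bodies that will not compress. `MIN_BYTES`, `RAW_THRESHOLD`, the function names and the sample bodies are assumptions constructed for illustration.

```python
import base64
import hashlib
import zlib

MIN_BYTES = 200        # assumption: shorter bodies are dominated by zlib overhead
RAW_THRESHOLD = 0.95   # assumption: data that shrinks by <5% is ciphertext-like
B64_CHARS = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")

def pseudo_ciphertext(n, seed=b"constructed"):
    """Constructed stand-in for ciphertext: SHA-256 run in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def ratio(data):
    """Compressed size / original size; at or above ~1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data)

def unarmor(body):
    """Return decoded bytes if the body is nothing but base64 text, else None."""
    stripped = body.replace(b"\r", b"").replace(b"\n", b"")
    if not stripped or any(b not in B64_CHARS for b in stripped):
        return None
    try:
        return base64.b64decode(stripped, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None

def classify(body):
    """Return 'too-short', 'ok' or 'suspicious' for one outbound message body."""
    if len(body) < MIN_BYTES:
        return "too-short"
    decoded = unarmor(body)
    # Armour inflates ciphertext by 4/3, so measure the decoded bytes when possible.
    return "suspicious" if ratio(decoded or body) >= RAW_THRESHOLD else "ok"

# Constructed sample bodies: a plaintext memo, raw binary, and the same binary armoured.
MEMO = (b"Team, the quarterly figures are attached. Sales in the northern region "
        b"rose while the southern region stayed flat. Please review the figures "
        b"before the Thursday meeting and send corrections to the finance group. "
        b"The finance group will circulate the final report on Friday.")
BINARY = pseudo_ciphertext(1024)
ARMORED = base64.encodebytes(BINARY)

if __name__ == "__main__":
    for name, body in [("memo", MEMO), ("binary", BINARY), ("armored", ARMORED)]:
        print(name, round(ratio(body), 2), classify(body))
```

The armoured sample compresses to roughly three quarters of its size, so a raw ratio test alone would pass it; decoding before measuring closes that gap. As the message itself says, ciphertext re-encoded as compressible text still passes this check.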