
Tim May <tcmay@got.net> writes:
> I'll try a different way of making my points...
>
> At 9:12 PM -0700 10/14/97, Lucky Green wrote:
> > I can't help but see a difference between enforcing to encrypt to a default key and storing the user's key outright. IMHO, the former entails less potential for abuse.
>
> All other things being equal, maybe the former is slightly less intrusive than the latter. But maybe not even this, as the two give the same results. After all, what's the real difference between "all mail, incoming and outgoing, must also be encrypted to a CMR key" and "you must deposit a copy of your key with us"?

CMR keys are the root of all evil in pgp5.5. Without them almost any permutation of recovery you care to construct would be less useful to the GAKkers, for all the organisational and inconvenience reasons Tim describes.

Governments have problems handling complexity. So make their job complex.

If you were one of the people writing the IRS tax software back in the 60s, and you were in deep cover, a proto-cypherpunk, and were bright enough to see the future possibilities, you would have done all you could to fuck up the IRS system. You would have obfuscated the code. You would have put logic bombs in it. You would have destroyed the source code surreptitiously. (Destroying source code has analogies to destroying keys at the earliest opportunity: you are destroying something which your enemy needs.)

Any bets as to if any of this actually happened on purpose? I reckon so.

So, do you all reckon we can make the task of fielding GAK impossibly complex for such a big disorganised government?

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`