Kent Crispin <kent@bywater.songbird.com> writes:
It may be less obvious, but despite what PGP claims, a significant fraction of this demand is for the ability to SNOOP, and not just data recovery.
I was suspicious about this also, the CMR design makes much more sense if this is the user requirement. Binding cryptography also would make sense for this requirement. But the last time I expressed this suspicion on this list Jon Callas clearly stated that this was not the case: Jon Callas <jon@pgp.com> writes: : It is possible that : there is an unstated perceived user requirement, that the messaging : standard be able to allow third party access to the communications : traffic directly. : : Nope, that's not what we're arguing for. So it would appear that your suspicious are unfounded...
*All* the debate on this list implicitly takes the employee's side, not the management's side, and that is a serious lack. The unpleasant fact is that managers NEED TO BE ABLE TO SNOOP.
Okay! Some one who is able to say the unpleasant words. (I think Lucky may have been hinting at this also). If this is the case, I reckon it's still better to just escrow their comms keys locally. Put them all in the company safe, whatever. To go with this kind of a company with this kind of policy, I would presume that sending or receiving super-encrypted messages would would be a sackable offense. However, there is an alternate reason for the CMR design, which you don't include above (tho' you did I think discuss this earlier): That PGP Inc thought CMR would be easier to implement within their plugin API, and dual function crypto (file encryption, and email encryption), and to cope with things like encrypt-to-self on Cc: to self to keep copies.
It is terrible to work for an employer who will snoop, but it is just as terrible to have dishonest employees. It doesn't take a genius to realize that the existence of dishonest employees is a primary motive for management snooping.
Even with snoopware such as you describe, and companies with such attitudes, there are other similarly easy ways to get data out: user walks out of building with floppies. In fact from memory I think this was one you suggested: "frisbee DAT tape out of window to sweetheart" or words to that effect.
Clearly, there are some organizations for which this is more important than others -- financial services companies are only the most obvious example.
Maybe. If PGP Inc want to go this far, and design software with these features, I reckon local key escrow is better. However that is not what they are saying. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`