[cryptography snipped, Perry's killed the thread] Jon Callas <jon@pgp.com> writes:
At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote: Jon Calis wrote: If this is true (and I have no reason to believe it isn't), then why is the key escrow code written (although not turned on) in the source code for 5.0 that was posted internationally from PGP?
Bruce, I understand that you don't like any form of data recovery, but there is no key escrow in PGP. Perhaps we should talk about this on the phone.
Oooh. PGP Inc damage control mode on <clunk>! We all would like to hear the reason too, Jon :-)
Makes no sense.
Here are a couple of reasonably plausible ones: - common source tree with #ifdefs for different products - some functionality required even in non business version to inform user about policy flag meanings btw I didn't read the source code quoted so that second attempt at a plausible reason might be a dud. btw2: it isn't just Bruce that doesn't like key escrow. btw3: your definition of "data recovery" is wrong. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`