
I'll try a different way of making my points...

At 9:12 PM -0700 10/14/97, Lucky Green wrote:

> I can't help but see a difference between enforcing to encrypt to a default key and storing the user's key outright. IMHO, the former entails less potential for abuse.
All other things being equal, maybe the former is slightly less intrusive than the latter. But maybe not even this, as the two give the same results. After all, what's the real difference between "all mail, incoming and outgoing, must also be encrypted to a CMR key" and "you must deposit a copy of your key with us"?

And things are most definitely not equal, in the "all other things being equal" sense.

To wit, with the "storing a user's key outright" approach, if thousands of companies and whatnot are doing this, there will be a mishmash, a welter, of confusing, conflicting, byzantine arrangements. Some employees will store their mandated spare keys in the department safe, some will put them in "open upon my death" envelopes, some will "forget" to update the files with their latest keys, and so on.

With this chaotic and anarchic approach, of "let a thousand solutions bloom," Big Brother will have the devil of a time forcing GAK/GMR (_Government_ Message Recovery).

It's essentially the chaotic, anarchic, non-system being used today. (And I've seen little evidence corporations are collapsing; as noted in several messages, very few pieces of e-mail are terribly critical, and even fewer can't be recovered from local files...the market for CMR is for law enforcement and e-mail snoopers.)

By contrast, a CMR system BUILT INTO PGP (!) will potentially become widespread, especially if support of the non-CMR-compliant version languishes. Or, God forbid, CMR is mandated (perhaps by "Standard Accounting Practices" sorts of pseudo-mandates).

I'll take the chaotic and anarchic solution.

And no matter how "elegant" PGP Inc.'s solution is--which I reserve judgement on, not having studied it in as much detail as, say, Adam Back has--no matter how "elegant," it is still building a dangerous tool for surveillance into a widely-deployed product.
--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."