-----BEGIN PGP SIGNED MESSAGE----- In <3.0.3.32.19971005124929.03dfa15c@ctrl-alt-del.com>, on 10/05/97 at 12, Alan <alan@ctrl-alt-del.com> said:
At 11:46 AM 10/5/97 -0500, William H. Geiger III wrote:
-----BEGIN PGP SIGNED MESSAGE-----
In <v03102800b05d58dd0280@[207.167.93.63]>, on 10/05/97 at 08, Tim May <tcmay@got.net> said:
Let's hope PGP, Inc. comes to their senses and stops doing the work of Big Brother.
This is really silly Tim,
The ability to encrypt using multiple keys has been a feature of PGP since day one. All the Business Edition is doing is automating the process. Despite the flawed news reports on this matter (who would have guessed) their is nothing covert about it. The user is both informed that this is being done and there is a way for the user to disable it in the client.
I guess the real question is whether the messages/files generated just add an extra key or if they leak the key through some harder to identify method.
The current version of PGP no longer shows you the list of recipients, so it is more difficult to determine if extra keys are added.
Is the method they are using for this new version to "escrow" the keys obvious to the recipient or not?
I *highly* doubt that they are doing anything other than adding an extra recipiant when encrypting. The code for doing so is already there and achives the objectives desired by their customers. Really no reason to do anything else from a programming or business prospective. I have not had a chance to obtain a copy of 5.5 and check it out so I don't know what info is being presented to the user. I don't run Win95/NT or MAC so it is unlikly that I will spend the $$$ for a copy. Perhaps someone running one of these inferior OS's could obtain a copy and investegate this aspect futher. :) Looking at the encrypted messages should revial wether or not extra keys are being added or not. - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNDhTPY9Co1n+aLhhAQEI1QP9Fj3g1lC/WMiWxYCOJnyoCgniD+zb2Ksf bBWsMtflzQVSx7usOGProMxKcael8H9fHBxEuOJU+y2jlINDFAgXBCKHrErtlzfR uJ+NWGeR4ctx+qEJps0mlPcNp7cDzfX5A7bAiVnWb1G/n2R0y4+5sn1i1HkAs0sa u/5KZLVgPZg= =64ir -----END PGP SIGNATURE-----