Toto <toto@sk.sympatico.ca> writes:
Kent Crispin wrote:
You keep talking as if your CDR proposal is other than vaporware. So far as I have seen you don't have a proposal, you have a wish.
Given Adam's many accomplishments in the arena of CypherPunks issues, I find it hard to make a case for his discussion in this area to be mere mental masturbation.
Thanks for the vote of confidence Toto. Also I must raise the point that it is not a lone stand. Other people are arguing against PGP Inc's CMR proposal, and are arguing for more GAK resistant variants, and alternatives. Several amongst those who have so argued are higher reputation than myself: Bruce Schneier, (plus some others with similar crypto credentials I have asked for comments from off list which I can not reveal due to ethics of email confidentiality). I have some small amount of credibility myself I think also. In addition I consider myself, Tim May, Peter Trei, Attila T Hun, and the many others arguing for more resistant variants to have some reputation, and it seems unlikely to me that we would all burn our reputations over an insignificant point.

We are collectively arguing because (and I think the others will agree) we think that there are more resistant variants than the CMR proposal used in pgp5.5. These variants are also practical within the constraints imposed by the plug-in APIs, and user requirements PGP must work within, I believe. Even Kent Crispin who seemed to dismiss the first round as an insignificant difference, is offering more resistant variants. PGP Inc's Jon Callas together with cypherpunks Bill Stewart, Attila T Hun, and myself were also arguing that even TLS (transport level security), or in other words an extra encryption envelope over the recovery information is an improvement. (Particularly if you do as I argue for and try to make the TLS keys user owned where possible, and try to make the system as forward secret as possible).

However the biggest point of all is that: communications keys are more valuable to any attacker (government, unscrupulous little brother, or industrial spy) than storage keys. I would be interested to see any one willing to burn their reputational capital refuting that simple point.
That point is the simple central starting point for all arguments about the dangers of allowing recovery information to be transmitted with the communication. Recovery information should be local wherever possible. Bruce Schneier had harsh words to say about violating this principle in one of his recent cypherpunks posts.

Adam

--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`