
At 02:27 PM 10/7/97 -0700, Jon Callas wrote: [Explaining PGP's rather alarming "data recovery" features.]
> Well, that's mostly all it is. There are other bits of the system. For example, if I look up Alice's key on a key server and Alice has a recovery key, I get Alice's recovery key, too. If Alice's recovery key is a "please use" key, then I can encrypt to Alice alone. In any case, the PGP software tells me that Alice has a recovery key, so I can decide to use some other mechanism to talk to her.
Sending a copy to the boss of everything Alice sends is OK. If Alice wants to send something her boss should not read, perhaps she should use her private account, rather than a company paid account. Sending a copy of everything Alice receives to the boss or HR is not OK. Alice should get to control it. It would be acceptable for the company system to keep track of what Alice has received, and flag "Alice received something, and has not yet filed the cleartext copy with us." It is not acceptable to just plain snoop on what Alice receives.
> Note that design satisfies the opt-in and fair-warning requirements. Also, since Alice's recovery key is an attribute of her self-signature, she can change it. She can even have a second user name (let's call it Bob), that has no recovery key.
Alice needs finer granularity of control. The leakage to her boss primarily affects her, rather than the sender. Furthermore any auto-snoop feature sets a very dangerous precedent. It is politically a lot more difficult for the FBI to mandate that they can recover your data, if such a mandate leads to the message flashing up, "now sending a copy to the FBI" every time you decrypt something.

---------------------------------------------------------------------
 |  We have the right to defend ourselves     |   http://www.jim.com/jamesd/
 and our property, because of the kind        |
 of animals that we are. True law             |   James A. Donald
 derives from this right, not from the        |
 arbitrary power of the state.                |   jamesd@echeque.com
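The key-lookup decision Jon describes (recovery key found on the key server, "please use" versus mandatory, client warns the sender, second user ID with no recovery key) can be modelled as a small policy function. The code below is an added illustration written for this thread, not PGP's code and not the real OpenPGP packet format: the `RecoveryKey`, `UserID`, `PublicKey` and `EncryptionPlan` types, the `plan_encryption` function and the key IDs in `ALICE_KEY` are all constructed for the example. It shows the opt-in and fair-warning properties: the recovery key becomes a recipient only when it is mandatory or the sender opts in, but a warning is produced whenever one exists, so the sender can choose another channel.

```python
"""Simplified model of the recovery-key ("additional decryption key")
lookup decision discussed in the thread.

Assumed data model (constructed for this example, not real OpenPGP
packet layout): a public key carries user IDs, and each user ID's
self-signature may name a recovery key and say whether it is mandatory.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RecoveryKey:
    key_id: str        # constructed identifier of the recovery key
    mandatory: bool    # False means a "please use" request the sender may decline


@dataclass(frozen=True)
class UserID:
    name: str
    recovery: Optional[RecoveryKey] = None   # attribute of this user ID's self-signature


@dataclass(frozen=True)
class PublicKey:
    key_id: str
    user_ids: Tuple[UserID, ...]


@dataclass(frozen=True)
class EncryptionPlan:
    recipients: Tuple[str, ...]   # key IDs the session key would be encrypted to
    warnings: Tuple[str, ...]     # fair-warning text the client shows before sending


def find_user_id(key: PublicKey, name: str) -> UserID:
    """Return the user ID packet on the key that matches the looked-up name."""
    for uid in key.user_ids:
        if uid.name == name:
            return uid
    raise KeyError(f"{name!r} is not a user ID on key {key.key_id}")


def plan_encryption(key: PublicKey, name: str, honor_please_use: bool) -> EncryptionPlan:
    """Decide whom to encrypt to for the given user ID.

    honor_please_use is the sender's opt-in choice for non-mandatory
    recovery keys.  A warning is emitted whenever a recovery key exists,
    whether or not it ends up as a recipient, so the sender can decide to
    use some other mechanism instead.
    """
    uid = find_user_id(key, name)
    recipients: List[str] = [key.key_id]
    warnings: List[str] = []
    if uid.recovery is not None:
        kind = "mandatory" if uid.recovery.mandatory else "please-use"
        warnings.append(
            f"{name} has a {kind} recovery key {uid.recovery.key_id}; "
            f"a copy may be readable by its holder")
        if uid.recovery.mandatory or honor_please_use:
            recipients.append(uid.recovery.key_id)
            warnings.append(f"now also encrypting to recovery key {uid.recovery.key_id}")
    return EncryptionPlan(tuple(recipients), tuple(warnings))


# Constructed sample: Alice's key with two user IDs; only the first carries
# a ("please use") recovery key, the second is her "Bob" identity with none.
ALICE_KEY = PublicKey(
    key_id="ALICE-KEY-0001",
    user_ids=(
        UserID("alice@example.com", RecoveryKey("COMPANY-ADK-0001", mandatory=False)),
        UserID("bob@example.net"),
    ),
)

if __name__ == "__main__":
    for name, opt_in in (("alice@example.com", True),
                         ("alice@example.com", False),
                         ("bob@example.net", True)):
        plan = plan_encryption(ALICE_KEY, name, opt_in)
        print(f"{name} opt_in={opt_in}: recipients={plan.recipients}")
        for w in plan.warnings:
            print("  WARNING:", w)
```

Running it shows the three cases from the thread side by side: encrypting to Alice with opt-in adds the company key as a second recipient, declining a "please use" key leaves Alice as the sole recipient but still surfaces the warning, and the "Bob" user ID yields no extra recipient and no warning at all. A mandatory recovery key (constructed separately) is added regardless of the sender's choice, which is exactly the case where the warning matters most.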