tcmay@got.net wrote:
Our mileages apparently vary. When _I_ send a message to, say, Jon Callas at PGP, Inc., it is to Jon Callas, not to others. It might be a job offer, it might be an invitationf for him to help monkeywrench CMR, it might be a stock tip, it might be a comment about a conversation we had a party, it might be a lot of things.
Hmm, as usual, you make a good point. The uses I was thinking of were the kind of uses that people have suggested as reasons for CMR; emailing orders, etc to companies. Today I rarely do that because telephoning companies is much easier, and in the future I'd expect to be sending most of them over the Web rather than by email. I presume these *are* the kind of uses that PGP Inc are expecting, since their system seems to have no other value except as snoopware.
If I was sending it to "Jon's coworkers in Department Z," I probably either wouldn't encrypt it at all, or would (if the option existed) encrypt to some departmental or group key.
Yep, which is basically what I was suggesting. The user chooses which key to use based on their perception of the sensitivity of the message, not the enforced company policy. If it's confidential, it's confidential; if the company think I'm up to no good they can come around and force me to decrypt a particular message, or sack me if I refuse. Their call.
I expect those who adopt CMR will find an awful lot of folks will just give up on trying to communicate with those living in a CMR regime.
Ditto, at least if it's PGP's current 'mandatory voluntary' snoopware design. I won't be running any version of PGP which includes this 'feature' in its current form; I would also suggest that we boycott any scanning and proofreading efforts for future versions of PGP which include this code, or remove it from the source before release. If PGP's commercial customers lose business as a result, that's their choice. Mark