-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote: If this is true (and I have no reason to believe it isn't), then why is the key escrow code written (although not turned on) in the source code for 5.0 that was posted internationally from PGP? I just got through talking to one of the developers, and think I found what you're talking about, Bruce. In "pgp.c" of the Unix 5.0 published edition, there's some old Viacrypt code with a comment that says, 'This is our version of "Commercial Key Escrow"' but in fact just adds an additional recipient to the encryption list. It is not in any shipping PGP product. If there's anything to laugh about in all this, if you try to use the feature in the Unix freeware, it core-dumps. It doesn't appear at all in the Mac and Windows code. It's completely gone as of now. Jon -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5 iQA/AwUBNDwkNn35wubxKSepEQJMvACfWZHVKkYswR9xLibuY8496a4GcaAAoNSB Yda/tOiQA1vLGocTL0N6XVj1 =LNYn -----END PGP SIGNATURE----- ----- Jon Callas jon@pgp.com Chief Scientist 555 Twin Dolphin Drive Pretty Good Privacy, Inc. Suite 570 (415) 596-1960 Redwood Shores, CA 94065 Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS) 665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)