Tim May <tcmay@got.net> writes:
Declan writes:
[...]all Rep. Solomon etc. have to do is wave around a shrinkwrapped copy of PGP and say: "I bought this for $19 at the Egghead shop at 21st and L." Details will be lost in the fearmongering.
Yep, they're already doing this. This was reported a week or so ago, somewhere here in Cypherpunks.
Another interesting thing was that the French picked up on it too -- very interesting for them because they are just switching from crypto-ban to mandatory GAK. I suspect if PGP Inc could get an export license they would buy in to it heavily. (Fabrice Planchon <fabrice@math.Princeton.EDU>, and Jean-Francois Avon kindly translated a French document on the web "pgp tows the line" or something like that I think was the consensus they arrived at on correct translation of the title of the document).

The indirect other danger is that in going the CMR route, PGP Inc may be standards setters either through the OpenPGP standard, or outside of it (in a similar way to the way Netscape extensions are supported by many vendors long before they are part of HTML 3.x or whatever). If CMR becomes the standard, this greatly simplifies the task of TIS, or TIS Europe, or anyone else in building a much more GAK friendly product which can interoperate with OpenPGP. I think I saw a tis.com address on ietf-open-pgp discussions list and wouldn't be surprised if they are busy building TIS OpenPGP compliant GAKware right now.

A second indirect danger is that by taking this approach PGP Inc damages itself by isolating itself from the large cypherpunk and pro-privacy community, and that an even less friendly crypto email standard wins by default. How much protection do we have in S/MIME vendors?

We were relying on PGP Inc to set the pro-privacy, anti-GAK line, and then we all would have been behind them in pushing the OpenPGP standard ahead of other standards because of its GAK resistance. As it is, various cypherpunks are scrambling trying to keep the OpenPGP standard a CMR-free zone, at least as a temporary measure for this version of the standard.

As to what PGP Inc were thinking, I'm not sure I understand what they were thinking ...

Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`