Anonymous writes:
You've got a lot of nerve accusing PGP, Inc. of being "sellouts" when you're over on open-pgp pushing KEY ESCROW, of all things. I can see it now, the new product name, "PGP with Key Escrow". Motto: "Lose your key? Don't worry, we've got a copy." Do you really think cypherpunks are going to support key escrow? Fat chance.
I take your comments to be directed at my Corporate Data Recovery (CDR) proposal which I presented as a more GAK resistant alternative than PGP Inc's Corporate Message Recovery (CMR) proposal. Data recovery is less dangerous than communications recovery. Why? Scenario #1 (comms recovery): government mandates everyone gives them comms recovery key (CMR key). Government can key word scan all your messages in real time. If you are non-technical and don't know to hack around it you either comply or are caught out, and suffer penalty for breaking law. Scenario #2 (data recovery): government mandates everyone gives them data recovery key (CDR key). If government raids your offices or home, they can recover your plaintext. If they do not raid your home they can not. Raiding homes is expensive. They can't raid all homes because they do not have the money. Also, they can't check whether you are using GAK software -- until they raid you they won't know. When they raid you you are likely in trouble anyway, so you may as well not use GAK software if you figure you are likely to be raided. Therefore GAK on data doesn't work as well, and doesn't as much affect the balance of power between citizens and governments as GAK on communications does. Can you see flaws in this reasoning? Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`