Anonymous writes:
mark@unicorn.com writes:
[super encrypt instead of CMR]
Neat, automatic superencryption.
Could the same idea work with the PGP method with the CMR key? You would encrypt to the user first, then reencrypt to the combination of user and CMR key.
I think that is redundant -- if only the user can decrypt to get the
actual plaintext -- you'd just as well send encrypted to the user
alone.
Super encrypting with a non-CMRed company key is perhaps what you are
thinking, and then encrypting internally to user and CMR key.
This would be a definite improvement over straightforward CMR because
it is effectively a poor man's Transport Level Security (TLS), and
therefore denies access to the ciphertext (and attached CMR recovery
info) to governments and other intruders.
Still I think better yet not to send recovery information over the
wire at all, unless there is a user requirement for message screening.
The stated corporate user requirement for CMR by PGP Inc is recovery
of stored files.
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0