On Sat, Oct 18, 1997 at 08:48:56AM +0100, Adam Back wrote:
Jon Callas <jon@pgp.com> writes:
[...]
My reasoning is this: as PGP Inc cannot justify expense on such developments, my CDR proposal would be much safer for them to implement because it requires no steganography support, or other privacy patches to provide protection against abuse of the software for uses other than PGP Inc's designers' intentions.
You keep talking as if your CDR proposal is other than vaporware. So far as I have seen you don't have a proposal, you have a wish. [...]
You are in error. The only time that you are forced to use CMR is when (1) you share the CMRK with the other party AND (2) the strict flag is set. In all other cases, you can opt-out, on a message-by-message basis.
[...]
However I simply posit that if you live in a scenario where everyone you would like to communicate with is forced to operate under your combination: for example the local laws state all businesses and ISPs insisting that they use pgp5.5 policy enforcer and turn on strict flag.
This possibility seems to be being discounted as unrealistic, or at least as being optional, because you can bypass it.
It does seem rather unrealistic. It would essentially involve replacing the entire email infrastructure, at a significant cost, and a rather sweeping suite of further laws that restrict the use of encryption to only PGP, forbid me running sendmail on my linux box, etc, etc
I cannot see that being able to bypass it helps you in my scenario if a) you will be detected when you do bypass it because the law enforcers will discover they can't recover plaintext;
This implies a law against using any other form of crypto, period. If such a law is passable the exemption for PGP's protocol will really be immaterial. That is, Yes, under an extremely draconian regime, extremely draconian things are possible. "Tinpotdictatorsville" is not a useful counterexample, because the TPD can mandate anything, including no use of crypto at all.
and b) you have a "choice" of not being able to communicate with anyone, because in practical terms you have a need to communicate.
Implies that *all* other forms of communication have been outlawed. Completely unrealistic.
Adam, it is a complete and utter waste of time to debate this. What would *not* be a waste of time would be more concrete proposals. Whether PGP implements something is a separate question -- I would like to get back to the question of designing a better email encryption system.
Your reencryption scheme fails because of the management of the short term encryption keys, among other things.
Here's another approach I will toss out, without thinking through: How about formalizing superencryption, or tunneling? That is, treat CMR traffic as a transport medium for messages that are themselves already encrypted. The "key" idea here is to allow layering of non CMR traffic over CMR traffic. All the code for both is obviously already in PGP, with a little glue and perhaps some minor protocol mods...
--
Kent Crispin                "No reason to get excited",
kent@songbird.com           the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html