At 02:38 AM 10/27/1997 -0800, mark@unicorn.com wrote:
Really? I seem to recall Jon Callas saying my system 'redesigned CMR' but was simpler than theirs. The mere fact that CMR requires an enforcer implies that it's a convoluted and hasty design.
Not true - you can't implement CMR without a mail enforcer unless you can stop your employees from using non-CMR versions of PGP, which is nearly impossible. Even with an enforcer, of course, you can't stop the determined employee from double-encrypting and steganizing and otherwise getting their outbound bits past your enforcer looking like the baseball game narrative from Wayner's Mimic Functions or Pointy-Haired-Boss randomness, but they could also carry a floppy disk out the door or beam infrared out the window from their Newton. Similarly, on incoming mail, you can't stop people from sending your employees non-CMRed mail without an inbound-mail enforcer and can't stop your employees from reading it with their own warez. More importantly, though, PGP isn't a mail program, it's an encryptor, and if you're trying to stop people from sending encrypted mail back and forth, you've got to control the mail system as well as the encryptors, and you probably already _do_ control the mail system. Thanks! Bill Bill Stewart, stewarts@ix.netcom.com Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639