I wrote:

stewarts@ix.netcom.com wrote:

...

Not true - you can't implement CMR without a mail enforcer unless you can stop your employees from using non-CMR versions of PGP, which is nearly impossible.

No, you can't enforce corporate snooping without a mail enforcer. You can meet the corporate demands which PGP claim to be supporting without a mail enforcer. There's a difference.

Actually, that's not entirely true. My suggested CMR replacement will work happily with non-CMR versions of PGP; they would simply encrypt to the default key, regardless of whether that was a group key or an individual's key. Hence the corporation can choose how non-CMR versions will interact by choosing whether to make the group key or the individual key the default choice. This even gives users an incentive to upgrade, rather than the current disincentive to downgrade to snoopware. Of course it still doesn't enforce snooping, since you could just seperate the individual key from the default group key and encrypt to that. Mark