Ryan Anderson wrote:

Okay - the only difference between this and a normal version of PGP is that it always encrypts to a certain key-id, in addition to all others.

That's the only weakness you'll see in it.

It's the only weakness that's needed to compromise all the keys.

So stop bitching about a feature that business is going to require before rolling out PGP to the whole enterprise.

I don't have any problem with the feature, only with the use of the PGP reputation capital to directly promote it. If they wanted to call it 'Pretty Corporate Privacy' then the name would reflect its purpose. Security, in regard to privacy, is an all-or-nothing issue. As such, I do not find it acceptable to apply the same standards of promotion and dissemination as with less important types of software. The fact of the matter is, the product has nothing to do with the privacy of the individual using it, only the privacy of the corporation. This is an important distincion which should not be subject to confusion with a product by the same name which is noted for providing a secure level of privacy for the individual. I would wager that promoting a false sense of security, or an incorrect view of the levels of security and trust involved in company software will do more damage than the occassional loss of keys will. Again, the product does not provide 'Pretty Good Privacy,' it does provide 'Pretty Corporate Privacy.' PrivacyMonger