Re: PGP 5.5 CMR/GAK: a possible solution
tcmay@got.net wrote:
Our mileages apparently vary. When _I_ send a message to, say, Jon Callas at PGP, Inc., it is to Jon Callas, not to others. It might be a job offer, it might be an invitationf for him to help monkeywrench CMR, it might be a stock tip, it might be a comment about a conversation we had a party, it might be a lot of things.
Hmm, as usual, you make a good point. The uses I was thinking of were the kind of uses that people have suggested as reasons for CMR; emailing orders, etc to companies. Today I rarely do that because telephoning companies is much easier, and in the future I'd expect to be sending most of them over the Web rather than by email. I presume these *are* the kind of uses that PGP Inc are expecting, since their system seems to have no other value except as snoopware.
If I was sending it to "Jon's coworkers in Department Z," I probably either wouldn't encrypt it at all, or would (if the option existed) encrypt to some departmental or group key.
Yep, which is basically what I was suggesting. The user chooses which key to use based on their perception of the sensitivity of the message, not the enforced company policy. If it's confidential, it's confidential; if the company think I'm up to no good they can come around and force me to decrypt a particular message, or sack me if I refuse. Their call.
I expect those who adopt CMR will find an awful lot of folks will just give up on trying to communicate with those living in a CMR regime.
Ditto, at least if it's PGP's current 'mandatory voluntary' snoopware design. I won't be running any version of PGP which includes this 'feature' in its current form; I would also suggest that we boycott any scanning and proofreading efforts for future versions of PGP which include this code, or remove it from the source before release. If PGP's commercial customers lose business as a result, that's their choice. Mark
At 6:59 AM -0700 10/23/97, mark@unicorn.com wrote:
tcmay@got.net wrote:
Our mileages apparently vary. When _I_ send a message to, say, Jon Callas at PGP, Inc., it is to Jon Callas, not to others. It might be a job offer, it might be an invitationf for him to help monkeywrench CMR, it might be a stock tip, it might be a comment about a conversation we had a party, it might be a lot of things.
Hmm, as usual, you make a good point. The uses I was thinking of were the kind of uses that people have suggested as reasons for CMR; emailing orders, etc to companies. Today I rarely do that because telephoning companies is much easier, and in the future I'd expect to be sending most of them over the Web rather than by email. I presume these *are* the kind of uses that PGP Inc are expecting, since their system seems to have no other value except as snoopware.
And things like purchase orders, contract negotiations, etc., are best handled by storing in plaintext. Communications security is just that: _communications_ security, not storage security. These sorts of items--purchase orders, etc.--will likely exist on employee machines in plaintext. Or encrypted to the storage key the employee is using. (Will PGP for Business deal with this reality in any meaningful way? This is the real "disaster planning" scenario, that Joe Employee's 4 GB hard drive is either fully encrypted, or is filled with encrypted files. With the increasing use of "open landscaping" in offices, machine security in cubicles is probably more important than communications security. At Intel I used to find my machines had sometimes been played with by the nightime shift....and I'd find sandwich wrappers and Coke cans in my trashcan, and crumbs, indicating that some swing or graveyard shift worker had used my office as his own little lunchroom. Were I still working, I'd certainly be encrypting my files against casual snooping. Or even industrial espionage snooping. And I wouldn't be using my communications key!)
If I was sending it to "Jon's coworkers in Department Z," I probably either wouldn't encrypt it at all, or would (if the option existed) encrypt to some departmental or group key.
Yep, which is basically what I was suggesting. The user chooses which key to use based on their perception of the sensitivity of the message, not the enforced company policy. If it's confidential, it's confidential; if the company think I'm up to no good they can come around and force me to decrypt a particular message, or sack me if I refuse. Their call.
I agree, but this doesn't seem to be the way PGP 5.5 and its Policy Enforcer will work. Users (senders from outside, like me) will not have the options you describe. My private message to Jon Callas will not get through to him unless I also encrypt to the Security Department's CMR key...and they may have some interesting questions for him about the content of my message! (Yes, as always, companies have the right to demand pretty much anything they please. No debate there. What we're arguing is the wisdom, on multiple fronts, of PGP, Inc. building in Big Brother like this.)
Ditto, at least if it's PGP's current 'mandatory voluntary' snoopware design. I won't be running any version of PGP which includes this 'feature' in its current form; I would also suggest that we boycott any scanning and proofreading efforts for future versions of PGP which include this code, or remove it from the source before release. If PGP's commercial customers lose business as a result, that's their choice.
I think a boycott of PGP's products is a distinct possibility, from what I'm hearing. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (2)
-
markļ¼ unicorn.com -
Tim May