network associates back in kra
subject says it all roll on gpg -- 1024/D9C69DF9 steve mynott steve@tightrope.demon.co.uk http://www.pineal.com/ if we knew what it was we were doing, it would not be called research, would it? - albert einstein
On Fri, 13 Nov 1998, Steve Mynott wrote:
subject says it all
roll on gpg
Well, They were automagically put back on the list when NAI bought TIS, this has no baring on PGP at all. Source code is in stores, and being scanned as we speak, the PGP developers would not let them initiate any KRAP stuff with pgp, they value there dignity and integrity. Max -- Max Inux <maxinux@openpgp.net> Hey Christy!!! KeyID 0x8907E9E5 Kinky Sex makes the world go round O R Strong crypto makes the world safe If crypto is outlawed only outlaws will have crypto Fingerprint(Photo Also): 259D 59F7 D98C CD73 1ACD 54Ea 6C43 4877 8907 E9E5
Steve Mynott writes:
subject says it all
roll on gpg
NAI rejoining KRAP would be something of a gift for any competitors of PGP producing PGP compabile replacements if there were any serious contenders. Or perhaps for S/MIME vendors, if they weren't already mostly KRAP members, or pretty neutral / prone to be bribed by defense contracts, and if S/MIME and PKIX weren't so hierarchical in design: I'm not sure S/MIME based offerings are much of an alternative because the hierarchical model, and ability of a CA to restrict what the end user can use keys for (not for certification for example), and generally inability to use clients without cert obtained from another KRA member -- verisign, all add up to bad news. The whole mess can be controlled by GAKkers via the CA, and the CAs are the target for example of the UK GAK attempt being led by the DTI (Department of Trade and Industry -- meant to be representing industry, but instead trying it's level best to put GCHQ / ECHELON interests ahead of business interests, as acknowledged by DTI winning Privacy International's hall of shame award.). To expand briefly on the UK (DTI) current proposal: it seems to be that they are trying to stack the deck by giving signatures made with a key certified by a UK government "licensed" CA given better recognition in law than signatures made by an unlicensed CA. The licensed CA doesn't have to escrow signatures keys, but if it does and provides any service relating to confidentiality keys also it must also keep private keys. (Deliverable to GCHQ / ECHELON within 1 hr 24 hours a day 365 days a year -- GAK on steroids). Someone on ukcrypto coined the phrase `licensed to leak' to express the government coerced baggage that goes with a licensed CA. Indeed roll on the GPG. Adam
participants (3)
-
Adam Back
-
Max Inux
-
Steve Mynott