At 11:42 AM 12/5/97 -0500, you wrote:

...

"The government's key recovery program is a complete violation of the individual's right to privacy and, in fact, compromises of the system are already taking place. This shows that key escrow is an untenable policy," said Bruce Schneier, one of the world's leading authorities on encryption and author of the book "Applied Cryptography". "SynData is paving the way for other software developers by taking a stand in opposition to the government and companies like Network Associates."

By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard: [Note RSA is a Charter Member]

This statement is seriously confusing Key Recovery and Key Escrow. They are NOT the same thing. Everybody knows what Key *Escrow* is and that it sucks. Key Recovery is *very* different in that are no databases kept of private keys. The website you mentioned (http://www.kra.org) contains some very good info on how Key Recovery works. I would like to see the source of Schneier's quote also, because I can't believe he could get the two confused. Wes Griffin wgriffin@glue.umd.edu

At 4:01 PM -0700 12/5/97, Adam Back wrote:

Wesley Griffin writes:

...

...

By "companies like Network Associates", do you mean "companies who are members of the Key Recovery Alliance" (http://www.kra.org)? If so, here are the "companies like Network Associates", in that regard: [Note RSA is a Charter Member]

This statement is seriously confusing Key Recovery and Key Escrow. They are NOT the same thing. Everybody knows what Key *Escrow* is and that it sucks.

You need to understand Newspeak to understand any crypto documents written by the government, or government toadies.

To them the key recovery, key escrow are just different PR terms to try to con people into going along with goverment backdoors in crypto software.

Yep. KRAP is just a variant of GAK. The talk about "court orders" shows the equivalence. There are subtle differences between various GAK schemes, ranging from the extreme of encrypting all communications and writings to a government key (an obvious non-starter) to the complicated LEAF stuff of Clipper to the more recent key escrow and KRAP schemes. Including that being pushed by PGP, Inc., er, "Network Associates." When the Key Recovery Alliance speaks of "legal court orders" for gaining access to KRAPped communications, one assumes this means the official government of Myanmar (Burma) will be using "legal court orders" to gain access to rebel communications. Next time Phil Z. speaks about the great usefullness of PGP in supporting freedom fighters in Myanmar, I hope he remembers to mention that Network Associates is committed to giving governments access to such communications. Provided the right legal orders are given, of course. It might be a nice gesture for Phil to fly to Rangoon to attend the funerals of the freedom fighters rounded up after their KRAP-compliant communications are decrypted by the Ministry of Social Harmony (with the right court orders, of course...wouldn't want KRAP to let unauthorized decryptions occur, would we?). The whole _point_ of encryption is to stop this kind of snooping. This is why we provided PGP to the freedom fighters working to expel the Zionists into the sea (though the Amerikan government calls these freedom fighters "terrorists," of course). And why White Aryan Resistance now uses PGP. (The point of crypto is that you can't pick who gets to use it and who doesn't.) With its 5.5 version, and especially with its absorbtion into Big Brotherish Network Associates, PGP has taken a major step toward irrelevance, and even perniciousness. This won't endear myself to Phil and my other colleagues at PGP, Inc. But I have to call it as I see it. Would they want me to pull my punches? The Phil Zimmermann I met several years ago surely would've spoken out against such things. In fact, he did. As recently as a year ago, in articles condemning ViaCrypt for its key recovery/escrow system. And, ironically, some of the things he blasted RSADSI for, such as charging for its crypto products, and not releasing a toolkit usable by all (RSAREF was for hobbyist uses only, much like the freeware versions of PGP), have close parallels with PGP, Inc.'s current views about charging for products, development toolkits, and so on. And, worse, PGP is "building in Big Brother," and when Network Associates finishes absorbing them.... Oh well. Earlier versions of PGP, and monkeywrenched versions of later versions of PGP, may be our best hope. (I can't say this will do a lot for sales of commericial versions, as we urge folks to widely deploy older, non-KRAP versions.) --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."