Re: PGP Employee on MKR
whgiii@invweb.net wrote:
No their system does not. For what the FBI and NSA want much more needs to be done.
Really? Read the message I sent after that one. Let's suppose it's 2007, PGP have 99% of the crypto market. CMR compatibility is incorporated into all their products.
The FBI announce that from today all Internet providers must support PGP SMTP enforcers on all mail passing across their links, and block all other SMTP connections. Regardless of whether your mail is spooled on your ISP's hard disk, it will always pass through their link. All encrypted mail must now be encrypted to the FBI's key as well as the end user's key or it will bounce.
So, tell me why "much more needs to be done". Tell me again why this can't be implemented. The only reason it *can* be implemented is that PGP build the feature into their software.
Not to mention that *ANY* crypto system can be turned into GAK if the FBI & NSA get congress to pass the laws that they want.
Yes, but PGP WANT TO BUILD THIS INTO EVERY SYSTEM THEY SELL!!!!! I don't care that any Perl hacker can write a script which builds CMR into PGP 2.6.2, because those scripts are restricted to those who wish to use them. PGP ARE BUILDING THE FUNCTIONALITY INTO EVERY PRODUCT THEY SELL!!!! How hard is this to grasp?
What PGP Inc. did was provide what their *customers*, you know the ones that pay their bills and keep them in business, wanted in a timely fashion with little modification to their current code while circumventing some of the more draconian requests.
Really? Did their customers ask specifically for PGP's flawed CMR implementation, or did they actually say things like 'Well, we want to be able to recover mail if someone dies or leaves the company'? If it's the latter, don't you think that PGP should take responsibility for implementing it in such a GAK-friendly way?
You seem to be repeating the other pro-PGP mantra 'oh, you're not thinking of the company's point of view'. I certainly am, which is why I want to see that they get the best, most secure system without any GAK-friendly features.
Here's a quick example of how cool CMR is... let's suppose that loser@foo-bah.com upsets a customer and is working for a CMR corporation. Mr Irate Customer downloads some of that kiddie porn that we're told is all over the Net, and encrypts it to loser@foo-bah.com, but doesn't encrypt it to the company key. Mr Irate Customer mails hundreds of these images to loser@foo-bah.com. Their system bounces them. The security personnel at foo-bah.com notice all these bounces and snarf some of the messages.
The security personnel take these messages to Mr Loser, and force him to decrypt them. Shock, horror, what a hideous, insane pervert Mr Loser must be to be receiving all these messages. Mr Loser is handed over to the cops and taken away. He might not go to jail, but he'll lose his job.
With a more rational implementation Mr Loser would receive the messages and see that they're obscene, and immediately report them to the security personnel who could track down the sender. But when the security personnel find them first, they immediately assume that Mr Loser asked for them.
Now, if you want to be able to get people sacked, this is cool. If you work for a company with CMR, this is really bad. It is also unnecessary.
These are the important questions we should be asking and no one on the pro-PGP side seems interested in answering them. Why?
They have been answered time and time again, you just have not been interested in listening.
They have not. All we've heard are 'oh, don't worry, it can't happen, be happy' assurances with no basis in fact. Is it any wonder we aren't listening?
If this is such a life and death issue why don't you and some of the other Cypherpunks Philosopher Kings get off your armchair quarterbacking write, test, debug, and *market* your superior system??
Duh, because PGP has name recognition, and because by the time it was finished they'd already have a large part of the market. But note: I'll be very surprised if PGP CMR gets into the OpenPGP spec. Which means that any other compliant implementation of PGP will not be compatible with CMR.
Perhaps because the majority of the "PGP Inc is evil" crowd here couldn't make a buck in the business world if their lives depended on it.
Oh sure, ad hominem, ad hominem. What the hell do you think I do all day? Why the hell do you think I'm spending so much time trying to show people what CMR's problems are when I could be making money?
I also find it interesting how there is "much weeping gnashing of teeth" over PGP 5.5, which does nothing that couldn't be done with 2.6, while Netscape, RSA and the S/MIME crowd put weak crypto on every desktop??
Better weak crypto than GAK. Key-lengths can be increased, government surveillance infrastructure cannot easily be removed.
Mark
On Fri, Oct 24, 1997 at 06:13:55AM -0700, mark@unicorn.com wrote:
whgiii@invweb.net wrote:
No their system does not. For what the FBI and NSA want much more needs to be done.
Really? Read the message I sent after that one. Let's suppose it's 2007, PGP have 99% of the crypto market. [...]
Probability: 0%
Next argument:
Here's a quick example of how cool CMR is... let's suppose that loser@foo-bah.com upsets a customer and is working for a CMR corporation. Mr Irate Customer downloads some of that kiddie porn that we're told is all over the Net, and encrypts it to loser@foo-bah.com, but doesn't encrypt it to the company key. Mr Irate Customer mails hundreds of these images to loser@foo-bah.com. Their system bounces them. The security personnel at foo-bah.com notice all these bounces and snarf some of the messages.
The security personnel take these messages to Mr Loser, and force him to decrypt them. Shock, horror, what a hideous, insane pervert Mr Loser must be to be receiving all these messages. Mr Loser is handed over to the cops and taken away. He might not go to jail, but he'll lose his job.
With a more rational implementation Mr Loser would receive the messages and see that they're obscene, and immediately report them to the security personnel who could track down the sender. But when the security personnel find them first, they immediately assume that Mr Loser asked for them.
Words fail me. This is completely idiotic.
--
Kent Crispin                "No reason to get excited",
kent@songbird.com           the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
I agree that draconian crypto laws are afoot, but I don't discount the power of constitutional challenges.
At 6:13 AM -0700 10/24/97, mark@unicorn.com wrote:
Really? Read the message I sent after that one. Let's suppose it's 2007, PGP have 99% of the crypto market. CMR compatibility is incorporated into all their products.
The FBI announce that from today all Internet providers must support PGP SMTP enforcers on all mail passing across their links, and block all other SMTP connections. Regardless of whether your mail is spooled on your ISP's hard disk, it will always pass through their link. All encrypted mail must now be encrypted to the FBI's key as well as the end user's key or it will bounce.
So,
- the client who communicates with his lawyer must encrypt to the government's key, allowing the government to read the traffic at any time
- the penitent who confesses electronically (such services already exist) will be confessing to the government
- a patient and doctor who discuss private medical conditions will be discussing them with the Thought Police
- a confidential source who reveals information to a journalist will also be revealing it to the government
And so on, for the usual laundry list of problems with warrantless searches and widespread surveillance. These are just some of the most readily-understandable problems.
Will a "must encrypt to government key" provision pass constitutional muster? I don't think so. So long as the First and Fourth (and the Fifth may apply, too) Amendments remain in force, compelling a person to speak in certain ways and monitoring what he says privately without a proper court order is unconstitutional.
At least the convoluted stuff in Clipper about "LEAF" fields, splitting of keys between agencies, proper court orders, etc., had the "fig LEAF" of protecting some basic constitutional rights. A straight "encrypt to the government's key" is too crude to withstand any court scrutiny.
I'm obviously not a lawyer, let alone a constitutional scholar, but I think I'm on solid footing here. A crude, blanket order to include the government in all communications would absolutely be struck down as a chilling of speech (political or otherwise) and as an unlawful search and seizure of one's papers.
In other nations, ignore the above analysis.
--Tim May
So, tell me why "much more needs to be done". Tell me again why this can't be implemented. The only reason it *can* be implemented is that PGP build the feature into their software.
Not to mention that *ANY* crypto system can be turned into GAK if the FBI & NSA get congress to pass the laws that they want.
Yes, but PGP WANT TO BUILD THIS INTO EVERY SYSTEM THEY SELL!!!!! I don't care that any Perl hacker can write a script which builds CMR into PGP 2.6.2, because those scripts are restricted to those who wish to use them. PGP ARE BUILDING THE FUNCTIONALITY INTO EVERY PRODUCT THEY SELL!!!!
How hard is this to grasp?
What PGP Inc. did was provide what their *customers*, you know the ones that pay their bills and keep them in business, wanted in a timely fashion with little modification to their current code while circumventing some of the more draconian requests.
Really? Did their customers ask specifically for PGP's flawed CMR implementation, or did they actually say things like 'Well, we want to be able to recover mail if someone dies or leaves the company'? If it's the latter, don't you think that PGP should take responsibility for implementing it in such a GAK-friendly way?
You seem to be repeating the other pro-PGP mantra 'oh, you're not thinking of the company's point of view'. I certainly am, which is why I want to see that they get the best, most secure system without any GAK-friendly features.
Here's a quick example of how cool CMR is... let's suppose that loser@foo-bah.com upsets a customer and is working for a CMR corporation. Mr Irate Customer downloads some of that kiddie porn that we're told is all over the Net, and encrypts it to loser@foo-bah.com, but doesn't encrypt it to the company key. Mr Irate Customer mails hundreds of these images to loser@foo-bah.com. Their system bounces them. The security personnel at foo-bah.com notice all these bounces and snarf some of the messages.
The security personnel take these messages to Mr Loser, and force him to decrypt them. Shock, horror, what a hideous, insane pervert Mr Loser must be to be receiving all these messages. Mr Loser is handed over to the cops and taken away. He might not go to jail, but he'll lose his job.
With a more rational implementation Mr Loser would receive the messages and see that they're obscene, and immediately report them to the security personnel who could track down the sender. But when the security personnel find them first, they immediately assume that Mr Loser asked for them.
Now, if you want to be able to get people sacked, this is cool. If you work for a company with CMR, this is really bad. It is also unnecessary.
These are the important questions we should be asking and no one on the pro-PGP side seems interested in answering them. Why?
They have been answered time and time again, you just have not been interested in listening.
They have not. All we've heard are 'oh, don't worry, it can't happen, be happy' assurances with no basis in fact. Is it any wonder we aren't listening?
If this is such a life and death issue why don't you and some of the other Cypherpunks Philosopher Kings get off your armchair quarterbacking write, test, debug, and *market* your superior system??
Duh, because PGP has name recognition, and because by the time it was finished they'd already have a large part of the market. But note: I'll be very surprised if PGP CMR gets into the OpenPGP spec. Which means that any other compliant implementation of PGP will not be compatible with CMR.
Perhaps because the majority of the "PGP Inc is evil" crowd here couldn't make a buck in the business world if their lives depended on it.
Oh sure, ad hominem, ad hominem. What the hell do you think I do all day? Why the hell do you think I'm spending so much time trying to show people what CMR's problems are when I could be making money?
I also find it interesting how there is "much weeping gnashing of teeth" over PGP 5.5, which does nothing that couldn't be done with 2.6, while Netscape, RSA and the S/MIME crowd put weak crypto on every desktop??
Better weak crypto than GAK. Key-lengths can be increased, government surveillance infrastructure cannot easily be removed.
Mark
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
* Tim May wrote:
- a patient and doctor who discuss private medical conditions will be discussing them with the Thought Police [...] Will a "must encrypt to government key" provision pass constitutional muster? I don't think so.
In common environments smartcards are used for the example above. Those smartcards can be only obtained by TTPs, which generate the key pair and press the secret part on the card. In several countries these TTPs are required to store these private keys for governmental access. Sure, it's constitutional. You will need a court order to read a special message with the revealed secret key. It does not harm, that police may be able to read all previous messages, if they are stored, because this can't happen. The police is forbidden to do so.
Tim May <tcmay@got.net> writes:
I agree that draconian crypto laws are afoot, but I don't discount the power of constitutional challenges.
So long as the First and Fourth (and the Fifth may apply, too) Amendments remain in force, compelling a person to speak in certain ways and monitoring what he says privately without a proper court order is unconstitutional.
At least the convoluted stuff in Clipper about "LEAF" fields, splitting of keys between agencies, proper court orders, etc., had the "fig LEAF" of protecting some basic constitutional rights. A straight "encrypt to the government's key" is too crude to withstand any court scrutiny.
The Clipper set up claimed to have split databases. I wonder. Secret splitting is being described as a possibility for pgp6.0. Perhaps they'll use:
thoughtpolice1@nsa.gov
thoughtpolice2@nsa.gov
as the two half GMR fields. And they'll promise not to combine the two halves without a court order (except for national security purposes, of course). Naturally a court would never violate lawyer client confidentiality, etc., so they might argue this was constitutionally ok.
I'm obviously not a lawyer, let alone a constitutional scholar, but I think I'm on solid footing here. A crude, blanket order to include the government in all communications would absolutely be struck down as a chilling of speech (political or otherwise) and as an unlawful search and seizure of one's papers.
An example of a somewhat analogous setup was the digital telephony wiretapping order. That was passed. Not struck down yet (though floundering because it cost way more money than the Feds claimed it would).
What about lawyer client confidentiality over telephone? They would argue I suppose that you had insufficient expectation of privacy? Perhaps they would use similar arguments to say that it's not a problem for the same access to emails.
And anyway, since when has unconstitutionality meant anything to politicians, law enforcement agents, and spooks. What about guns, hmm. That one was clear enough in the constitution if anything ever was, and yet the USG is slowly headed the same way as the UK government.
CDA got struck down which was good, but unconstitutionality doesn't seem to be adequate protection.
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
At 07:43 PM 10/24/1997 +0100, Adam Back wrote:
The Clipper set up claimed to have split databases.
The NSA claimed that, but the chip itself didn't implement it - all of that was external to the chip, and even if you believe that the NSA wasn't cheating at first by keeping both halves in one place, all they need to do is change their own rules and then they can start.
Doing secret-sharing is important, and it's often hard to find a good algorithm to implement it; using the regular secret-sharing method to reconstruct the one key needed to feed into your program means your program really only uses one key...
Thanks!
Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (6)
- Adam Back
- Bill Stewart
- Kent Crispin
- lutz@taranis.iks-jena.de
- mark@unicorn.com
- Tim May