What's really in PGP 5.5?
-----BEGIN PGP SIGNED MESSAGE-----
Jon Callas wrote:
I have a number of comments about the New York Times article on PGP 5.5 for Business of which Martin Minow sent a synopsis.
If we had built what they said we had, then we'd deserve all of the derision people have directed at us. But we didn't. The New York Times got it flat wrong.
In your long message I was unable to locate an area in which the New York Times "got it flat wrong". If anything, your post was more alarming than the newspaper article.
This downside is particularly insidious for a number of reasons. First, without fixing that problem, strong cryptography will be in some sort of limbo. You want to use it to protect your valuable information, but you won't want to use it for any information that's *too* valuable, because it's easily lost. Crypto-protected information is fragile, and this fragility could hurt its widespread deployment.
What you call "fragility" is properly called "security". Would you describe 128-bit keys as more "fragile" than 40-bit keys? Why is PGP, Inc. inventing propaganda terms for the authorities?
Data recovery is useful for a number of things. Perhaps you lost your passphrase. Or data might have been encrypted by an employee or co-worker who was in an accident. (As an aside, fifteen years ago, the architect of a product I worked on was in a severe car wreck. He was not killed, but suffered brain damage and has never returned to work.) Your spouse might need access to financial records. Everyone, be they an individual, business, or corporation, has a right to having their data protected, and protection not only means being able to put it into a safe, but getting it out of that safe later.
It is fascinating to me that every example you use does not involve decrypting transmitted messages. Yet, that is the feature which is under discussion. The demand for the ability to decrypt encrypted messages in the corporate environment can easily be measured with this test: how many companies have a policy that requires employees to record all outgoing mail?
(6) It must also provide a response to those who would regulate crypto in the name of public safety.
This is a red herring. Nobody has been talking about regulating cryptography as a matter of public safety in a serious way. Why is PGP, Inc. posing non-threats to justify its actions? Probably because its actual, all too obvious, motivations are unpalatable to the cypherpunks and probably to most of its customers and supporters. They are not unpalatable to Big Brother, however.
I suggest that in the future we do not meet at the PGP, Inc. headquarters and that we do not treat this company as a trustworthy ally.
Monty Cantsin
Editor in Chief
Smile Magazine
http://www.neoism.org/squares/smile_index.html
http://www.neoism.org/squares/cantsin_10.html
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
At 03:26 AM 10/8/97 -0400, Anonymous wrote:
This downside is particularly insidious for a number of reasons. First, without fixing that problem, strong cryptography will be in some sort of limbo. You want to use it to protect your valuable information, but you won't want to use it for any information that's *too* valuable, because it's easily lost. Crypto-protected information is fragile, and this fragility could hurt its widespread deployment.
What you call "fragility" is properly called "security". Would you describe 128-bit keys as more "fragile" than 40-bit keys? Why is PGP, Inc. inventing propaganda terms for the authorities?
Okay, call it security but the point is, if you're protecting documents vital to your company using encryption (say the design of a new product) and the person who knows the passphrase dies, you've just lost a great deal of money. PGP for Business Security gives the business a way to have a backup key that can read that person's information. Frankly, it might not be able to read anybody else's, from the description given. This is a feature that any business (that understands encryption) will want. They can easily store the secret keys of the other id someplace secure, and never retrieve them until someone dies. Disavow knowledge of them to government, etc. Heck, the keys can even be in the primary person's possession. (Perhaps stored in a safe-deposit box, or without a passphrase, etc.)
Data recovery is useful for a number of things. Perhaps you lost your passphrase. Or data might have been encrypted by an employee or co-worker who was in an accident. (As an aside, fifteen years ago, the architect of a product I worked on was in a severe car wreck. He was not killed, but suffered brain damage and has never returned to work.) Your spouse might need access to financial records. Everyone, be they an individual, business, or corporation, has a right to having their data protected, and protection not only means being able to put it into a safe, but getting it out of that safe later.
It is fascinating to me that every example you use does not involve decrypting transmitted messages. Yet, that is the feature which is under discussion.
Amazingly, he gave an example where, had encryption been used, the project would have stopped, and restarted because the person with the keys was incapacitated. Are you just being combative here?
The demand for the ability to decrypt encrypted messages in the corporate environment can easily be measured with this test: how many companies have a policy that requires employees to record all outgoing mail?
Well, any company giving stock advice (and governed by SEC rules on stock tips, etc.) is already required to have all outgoing mail approved (e-mail and snail), so does it matter if they record it or not?
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
-----END PGP SIGNATURE-----
-----------------------------------------------------------------------
Ryan Anderson - <Pug Majere>     "Who knows, even the horse might sing"
Wayne State University - CULMA   "May you live in interesting times.."
randerso@ece.eng.wayne.edu
PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9
-----------------------------------------------------------------------
Ryan Anderson <randerso@ece.eng.wayne.edu> writes:
What you call "fragility" is properly called "security". Would you describe 128-bit keys as more "fragile" than 40-bit keys? Why is PGP, Inc. inventing propaganda terms for the authorities?
Okay, call it security but the point is, if you're protecting documents vital to your company using encryption (say the design of a new product) and the person who knows the passphrase dies, you've just lost a great deal of money.
Not at all. People seem to be forgetting that we're talking about email security here. Email isn't that reliable. Email goes missing now and then. Your DNS is out, the receiver's mail hub has a glitch and swallows it, whatever. Are you really claiming that you will have email in transit which is so valuable that your whole company will be in jeopardy if the intended recipient dies unexpectedly? More likely: you get the sender to resend it.
Don't confuse the issues surrounding need for backup of storage keys with communications keys. There is a definite need to take care to have backups of keys used to encrypt backups and disks. Not so for communications keys.
I gave some alternative GAK unfriendly ways of archiving email in my longer reply to PGP's Jon Callas defensive article on the NYT article.
Well, any company giving stock advice (and governed by SEC rules on stock tips, etc.) is already required to have all outgoing mail approved (e-mail and snail), so does it matter if they record it or not?
If a company has a policy of approving outgoing email, I'd argue for a two-tiered system. One for "official statements" which is approved, archived, signed with a transferable non-repudiable signature. And one for unofficial communications, signed with a non-transferable signature, and perhaps delivered via mixmaster.
The way to archive your outgoing email is not to have the email in transit encrypted to an extra recipient. The way to do it is to archive sent mail in the sender's MUA or at least internal to the sender's offices.
You will notice that this then involves storage keys, which the GAKkers aren't interested in. Why aren't they interested in access to storage keys? Because they would have to issue a subpoena and take the disks away before they would have any use for them. At that stage they'd just as well list the keys to decrypt anything which is encrypted on the disks they seize.
The reason the GAKkers want access to communications keys is so that they can read your email without you knowing. So they can go on fishing expeditions and use the evidence by saying that "an unnamed source" tipped them off, etc.
By implementing GAK for corporates in such a GAK friendly way, PGP Inc has helped the GAKkers. I would be interested to persuade them to change their architecture for archiving sent and received email.
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
At 08:55 AM 10/8/97 -0700, Tim May wrote:
Well, any company giving stock advice (and governed by SEC rules on stock tips, etc.) is already required to have all outgoing mail approved (e-mail and snail), so does it matter if they record it or not?
Could you give me some cites for this rule?
My own stock broker seems to be sending me stuff on the spur of the moment, so unless he has a government agent sitting in his office approving these notes he sends me, there is no "outgoing mail approved (e-mail and snail)" situation.
I believe I read that in Infoworld or ComputerWorld (within the last month, maybe 2). The rules that the SEC had for snail mail (for brokers/traders I believe), in that all mail had to be approved by someone in the company, now apply to e-mail. I don't save my copies of Infoworld or ComputerWorld anymore (too much paper) so I can't look it up easily for you.
(They can try to get a warrant if they think I've violated the insider trading or other securities laws. But no "approval" is needed, nor of course is any escrow of keys required.)
Oh, I see where I was a bit unclear in my original statement. This rule only applies to the brokerage firms. (I think I've got the right terms there; if not, the general idea should be clear.)
(When I was at Intel, we didn't have crypto. But if we did, the real concern would be encryption of lab notebooks, documents on disk, etc., not my communications with outsiders. These are the files which would vanish were I to be hit by a truck. As we have discussed many times, how does escrowing the _channel_ key (Alice sending to Bob) solve the "hit by a truck" problem?)
What, you don't encrypt your lab book to yourself (and sign it) with your public key? Easier than remembering another symmetric key, and allows you to keep the recovery key in use.
-----------------------------------------------------------------------
Ryan Anderson - <Pug Majere>     "Who knows, even the horse might sing"
Wayne State University - CULMA   "May you live in interesting times.."
randerso@ece.eng.wayne.edu
PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9
-----------------------------------------------------------------------
At 6:04 AM -0700 10/8/97, Ryan Anderson wrote:
Well, any company giving stock advice (and governed by SEC rules on stock tips, etc.) is already required to have all outgoing mail approved (e-mail and snail), so does it matter if they record it or not?
Could you give me some cites for this rule?
My own stock broker seems to be sending me stuff on the spur of the moment, so unless he has a government agent sitting in his office approving these notes he sends me, there is no "outgoing mail approved (e-mail and snail)" situation.
Further, I dispense stock advice on occasion, and can, like all persons, be charged with insider trading, violations of SEC rules, etc., under the right circumstances. And yet my mail, e-mail or USPS, is _not_ subject to "approval." Being subject to SEC rules does not mean prior approval, or cc:ing of mail to the SEC, etc.
(They can try to get a warrant if they think I've violated the insider trading or other securities laws. But no "approval" is needed, nor of course is any escrow of keys required.)
I won't comment on the very long post Jon Callas so thoughtfully prepared for us....it's too long for casual comment. My initial glance at it suggests that it addresses problems most businesses don't perceive to have.
(When I was at Intel, we didn't have crypto. But if we did, the real concern would be encryption of lab notebooks, documents on disk, etc., not my communications with outsiders. These are the files which would vanish were I to be hit by a truck. As we have discussed many times, how does escrowing the _channel_ key (Alice sending to Bob) solve the "hit by a truck" problem?)
--Tim May
The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
participants (4)
- Adam Back
- Anonymous
- Ryan Anderson
- Tim May