Anonymous writes:

Kent Crispin <kent@songbird.com> writes:

...

Your reencryption scheme fails because of the management of the short term encryption keys, among other things.

Wait a minute. Didn't Adam abandon the reencryption idea and switch to key escrow?

I didn't abandon it as such, but more recognised some dangers in a system involving re-encryption and sending messages to backup servers being twisted for government purposes. But even re-encryption is more resistant to GAK than PGP Inc's CMR. The danger with re-encryption is that the person the mail is being re-encrypted and sent to could be changed to be the government. However this presents more logistic problems for the government than does the PGP Inc CMR method. I switched to storage key recovery (not quite key escrow btw), because I realised this was yet more resistant to being abused by governments. The CDR (Corporate Data Recovery) proposal is that communications keys would not be escrowed, and that messages would be only encrypted to one key (the recipients key). Those emails which were archived, and which the user consider important could be encrypted with the recovered key. The recovery information would be stored locally and the software would attempt were possible to make it difficult to move the recovery information off the machine.

Or did that one turn out to be a non-starter too?

No. I think it is practical. I also think that it is more resistant to government abuse (where the worst form of government abuse is mass keyword scanning of all messages.) I haven't seen anyone able to argue against these two claims. I encourage anyone who can see technical objections, or objections to the claim that this design is more resistant to abuse to speak up. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`