Re: What's really in PGP 5.5?
Jon Calis wrote:
Also, we have three encryption products: PGP freeware, PGP for Personal Privacy, and PGP for Business Security. Corporate Message Recovery is included *only* in PGP for Business Security. It is not, and never will be, in either the freeware or the Personal Privacy product.
If this is true (and I have no reason to believe it isn't), then why is the key escrow code written (although not turned on) in the source code for 5.0 that was posted internationally from PGP? Makes no sense. Bruce
http://simson.vineyard.net/clips/96.SJMN.PGPBusinessEdition.html .... PRETTY LOOSE PRIVACY [...] Published: April 2, 1996 BY SIMSON L. GARFINKEL .... That has not stopped Zimmermann from complaining loudly about the PGP name being used in a product that allows someone other than the author or the intended recipient access to information. Viacrypt owns the licensing rights to sell the commercial versions of PGP.
''PGP does not stand for back doors,'' said Zimmermann. ''I don't mind if they sell a program that has a back door in it, but they shouldn't call it PGP.'' [...] ''If your employer can read your mail anytime he wants, without your permission, that goes against the spirit of the PGP trademark,'' said Zimmermann.
********************************************************************** Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098 101 E Minnehaha Parkway, Minneapolis,MN 55419 Fax: 612-823-1590 http://www.counterpane.com
In the New York Times Cyber Edition I was quoted as saying that PGP 5.5's key escrow "sounds like everything the FBI ever dreamed of." Of course, that's an overstatement. The FBI certainly has bigger dreams, like making non-escrowed encryption illegal. But PGP's system certainly is key escrow. PGP, Inc. is splitting hairs, claiming that their system isn't key escrow because they don't keep copies of any keys. This may be true, but it's a difference that makes no difference. What the PGP system does is automatically encrypt a copy of the message key in the public key of the organization. This is more like the original Clipper Chip. If you remember, the Clipper Chip included a Law Enforcement Access Field in the ciphertext field; this field included the session key, encrypted in a secret law-enforcement key. PGP 5.5 essentially does this. You can think of the message key, encrypted in the public key of the organization, as the CAF (Corporate Access Field). And just as the Clipper Chip checked the validity of the LEAF before going into decrypt mode at the remote end, there is software at the SMTP server that check the validity of the CAF before allowing the encrypted e-mail to be sent. This isn't just key escrow; it's key escrow done well. Yes, this is only available in the Business Edition and not in the Personal Edition. Yes, the company has to decide to turn it on. Yes, the user is notified that this feature is turned on. But once it is turned on, the user cannot turn it off. This is not manditory key escrow (unless you are an employee of a company that decided it is manditory), but the FBI is not after manditory key escrow right now. They're willing to settle for voluntary. Then, in a few years, making it manditory can be spun as "closing a loophole." I agree with the 1996 Phil Zimmermann:
http://simson.vineyard.net/clips/96.SJMN.PGPBusinessEdition.html .... PRETTY LOOSE PRIVACY [...] Published: April 2, 1996 BY SIMSON L. GARFINKEL .... That has not stopped Zimmermann from complaining loudly about the PGP name being used in a product that allows someone other than the author or the intended recipient access to information. Viacrypt owns the licensing rights to sell the commercial versions of PGP.
''PGP does not stand for back doors,'' said Zimmermann. ''I don't mind if they sell a program that has a back door in it, but they shouldn't call it PGP.'' [...] ''If your employer can read your mail anytime he wants, without your permission, that goes against the spirit of the PGP trademark,'' said Zimmermann.
Key escrow = someone other than the author or the intended recipient of the message being able to decrypt it. There are valid reasons for data backup, but they have nothing to do with crypto key recovery. And there are absolutely no business reasons for manditory recovery of communications. We talked about all of this in our report on key recovery (http://www.crypto.com/key_study). Designing a system that is slightly different doesn't negate everything we said. I'm sorry, PGP, if I offended you. But that does not change the facts. Bruce ********************************************************************** Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098 101 E Minnehaha Parkway, Minneapolis,MN 55419 Fax: 612-823-1590 http://www.counterpane.com
At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote: Jon Calis wrote:
Also, we have three encryption products: PGP freeware, PGP for Personal Privacy, and PGP for Business Security. Corporate Message Recovery is included *only* in PGP for Business Security. It is not, and never will be, in either the freeware or the Personal Privacy product.
If this is true (and I have no reason to believe it isn't), then why is the key escrow code written (although not turned on) in the source code for 5.0 that was posted internationally from PGP? Bruce, I understand that you don't like any form of data recovery, but there is no key escrow in PGP. Perhaps we should talk about this on the phone. Makes no sense. Bruce ----- Jon Callas jon@pgp.com Chief Scientist 555 Twin Dolphin Drive Pretty Good Privacy, Inc. Suite 570 (415) 596-1960 Redwood Shores, CA 94065 Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS) 665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)
[cryptography snipped, Perry's killed the thread] Jon Callas <jon@pgp.com> writes:
At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote: Jon Calis wrote: If this is true (and I have no reason to believe it isn't), then why is the key escrow code written (although not turned on) in the source code for 5.0 that was posted internationally from PGP?
Bruce, I understand that you don't like any form of data recovery, but there is no key escrow in PGP. Perhaps we should talk about this on the phone.
Oooh. PGP Inc damage control mode on <clunk>! We all would like to hear the reason too, Jon :-)
Makes no sense.
Here are a couple of reasonably plausible ones: - common source tree with #ifdefs for different products - some functionality required even in non business version to inform user about policy flag meanings btw I didn't read the source code quoted so that second attempt at a plausible reason might be a dud. btw2: it isn't just Bruce that doesn't like key escrow. btw3: your definition of "data recovery" is wrong. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote: If this is true (and I have no reason to believe it isn't), then why is the key escrow code written (although not turned on) in the source code for 5.0 that was posted internationally from PGP? I just got through talking to one of the developers, and think I found what you're talking about, Bruce. In "pgp.c" of the Unix 5.0 published edition, there's some old Viacrypt code with a comment that says, 'This is our version of "Commercial Key Escrow"' but in fact just adds an additional recipient to the encryption list. It is not in any shipping PGP product. If there's anything to laugh about in all this, if you try to use the feature in the Unix freeware, it core-dumps. It doesn't appear at all in the Mac and Windows code. It's completely gone as of now. Jon -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5 iQA/AwUBNDwkNn35wubxKSepEQJMvACfWZHVKkYswR9xLibuY8496a4GcaAAoNSB Yda/tOiQA1vLGocTL0N6XVj1 =LNYn -----END PGP SIGNATURE----- ----- Jon Callas jon@pgp.com Chief Scientist 555 Twin Dolphin Drive Pretty Good Privacy, Inc. Suite 570 (415) 596-1960 Redwood Shores, CA 94065 Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS) 665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)
I thought when Phil showed me the corporate access option that the user had the ability to remove that crypto-recipient by double clicking on it in the window which pops up listing all crypto-recipients. I may have been wrong. I agree with you that the danger is in allowing the gov't to claim that industry accepts GAK. If this product were released with a sticker on every copy to the effect that we citizens have always had a right to attempt to keep a secret from gov't via crypto, then I'd feel better. Meanwhile, aren't we overlooking the real issue here: that there are apparently companies obnoxious enough to tell you you are not allowed to send mail they can't read? Little Brother may be as bad as Big Brother. - Carl +------------------------------------------------------------------------+ |Carl M. Ellison cme@acm.org http://www.clark.net/pub/cme | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2| | "Officer, officer, arrest that man! He's whistling a dirty song." | +-------------------------------------------- Jean Ellison (aka Mother) -+
At 4:33 PM -0500 10/8/97, Jon Callas wrote:
At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote: Jon Calis wrote:
Also, we have three encryption products: PGP freeware, PGP for Personal Privacy, and PGP for Business Security. Corporate Message Recovery is included *only* in PGP for Business Security. It is not, and never will be, in either the freeware or the Personal Privacy product.
If this is true (and I have no reason to believe it isn't), then why is the key escrow code written (although not turned on) in the source code for 5.0 that was posted internationally from PGP?
Bruce, I understand that you don't like any form of data recovery, but there is no key escrow in PGP. Perhaps we should talk about this on the phone.
Sure. Please call. Your CEO called me on Monday, and he tried to tell me that it wasn't key escrow because you weren't saving copies of any keys. If you're just going to call to split those sorts of hairs, don't bother. I'm interested in hearing how your key escrow system works; I've already been told why you put it in. Bruce ********************************************************************** Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098 101 E Minnehaha Parkway, Minneapolis,MN 55419 Fax: 612-823-1590 http://www.counterpane.com
participants (4)
-
Adam Back -
Bruce Schneier -
Carl M. Ellison -
Jon Callas