Article on PGP Viacrypt

Tom Jones A5113643667 at attpls.net
Fri Apr 5 03:22:08 PST 1996


Dear Cypherpunks,

----------------
Received: by attpls.net with Magicmail;3 Apr 96 09:19:59 UT
Date: 5 Apr 96 02:14:38 UT
Sender: owner-cypherpunks at toad.com (owner-cypherpunks)
From: owner-cypherpunks at toad.com (owner-cypherpunks)
Subject: Re: Article on PGP Viacrypt
To: walter at cithe302.cithep.caltech.edu (Chris Walter)
cc: cypherpunks at toad.com (Cypherpunks)
Message-Id: <199604030451.UAA06038 at slack.lne.com>
In-Reply-To: <<WALTER.96Apr2124421 at cithe302.cithep.caltech.edu> from
 "Chris Walter" at Apr 2, 96 08:44:20 pm>
X-X-AUTHENTICATION-WARNING: toad.com: majordom set sender to
 owner-cypherpunks using -f

I would have to agree that if businesses are to use PGP that "good" key
escrow MUST be provided.

Peace ..Tom

Chris Walter writes:
> 
> Hi Folks,
> 
> There is an interesting article by Simon Garfinkle in this
> morning's(Apr 2nd) electronic version of the San Jose Mercury news.
> Its on the index page so I don't think you need an account to read
> it.
> 
> The article deals with the new key management features and extensions
> in Viacrypt and how PRZ is upset since it allows employers to read
> their employees messages.

I read it this morning.
The gist is that this new evil PGP lets your employer
SPY ON EVERYTHING YOU DO!  And was written in about
that tone.

I was disappointed by the article.  I don't know if Simson
is deluded about the use of Viacrypt PGP, or the article got
hacked up by by ignorant/malicious editors, or my understanding of
Viacrypt PGP is competely wrong.

I thought the purpose to putting key escrow (that's real escrow
not GAK) into PGP was to allow its use for business purposes.
Often in business use you're not too concerned with keeping secrets
from
your employer or fellow employees, but do want to keep those
secrets within the company.  And there is a real concern that you
might encrypt company-secret stuff and then fall off your motorcycle
and get run over by a truck, leaving your securely-encrypted company
secrets suddenly inaccessable to the company...
Key escrow, with the keys held by the company, is designed to prevent
this problem.

The article failed to mention that you're not prevented from using
a non-escrow PGP for personal secrets (could Viacrypt PGP prevent
you from using PGP 2.6.2?  I don't think so) and made it sound
like Viacrypt PGP is designed to allow nosy employers to spy on
employees encrypted email.  I guess it would, if the employers were
that nosy and the employees dumb enough to use company-provided
escrowed PGP to send personal secrets.  But that theory's about
as credible as the Clipper chip proponents's "dumb crooks" theory
where crooks would want encrypted phones but be dumb enough to
forget that the Government held the keys...

Simson's the one main-line journalist who writes about internet
and computer issues that I still think has a clue, and has written
a pretty good book about PGP, so I'd be suprised if he got this
so wrong.  On the other hand, I haven't used this new Viacrypt PGP 
and I'm going on what I think that escrowed PGP is really good for.
Maybe my feeling about that have blinded me to reality.  Or, most
likely, the editor(s) hacked the story up either out of ignorance
or to present a viewpoint that they had already decided they want to
present, truth be damned.


If I wanted to present a conspiracy theory about the government
wanting to discourage use of PGP for businesses, this would be the
place to do it.  If PGP gains a foothold in the businessplace
it'll be nearly impossible to eradicate, given the fact that
(big) business essentially runs the country.  Key escrow will
make PGP a lot more usefull to businesses, increasing its use.
I'm sure you can fill in the rest of the theory.


> http://www.sjmercury.com/business/priv401.htm
> 


-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com 
http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E
27 29 AF


---
 NOTICE: This message originally included graphics and/or sounds which
can only be received by AT&T PersonaLink(sm) subscribers. You received
only the text portion(s) of the message.  Please contact the sender for
information that was deleted. To learn how to send and receive
graphics, voice and text messages via AT&T PersonaLink Services, call
1-800-936-LINK.  

----------------







More information about the cypherpunks-legacy mailing list