What's really in PGP 5.5?
Adam Back
aba at dcs.ex.ac.uk
Wed Oct 8 17:15:26 PDT 1997
[cryptography snipped, Perry's killed the thread]
Jon Callas <jon at pgp.com> writes:
> At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote:
> Jon Calis wrote:
> If this is true (and I have no reason to believe it isn't), then
> why is the key escrow code written (although not turned on) in
> the source code for 5.0 that was posted internationally from PGP?
>
> Bruce, I understand that you don't like any form of data recovery,
> but there is no key escrow in PGP. Perhaps we should talk about this
> on the phone.
Oooh. PGP Inc damage control mode on <clunk>!
We all would like to hear the reason too, Jon :-)
> Makes no sense.
Here are a couple of reasonably plausible ones:
- common source tree with #ifdefs for different products
- some functionality required even in non business version to inform
user about policy flag meanings
btw I didn't read the source code quoted so that second attempt at a
plausible reason might be a dud.
btw2: it isn't just Bruce that doesn't like key escrow.
btw3: your definition of "data recovery" is wrong.
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
More information about the cypherpunks-legacy
mailing list