Is PGP still private?

Adam Back aba at dcs.ex.ac.uk
Sun Oct 19 02:32:58 PDT 1997




Anonymous writes:
> Kent Crispin <kent at songbird.com> writes:
> > Your reencryption scheme fails because of the management of the short
> > term encryption keys, among other things.
> 
> Wait a minute.  Didn't Adam abandon the reencryption idea and switch to
> key escrow?  

I didn't abandon it as such, but more recognised some dangers in a
system involving re-encryption and sending messages to backup servers
being twisted for government purposes.  But even re-encryption is more
resistant to GAK than PGP Inc's CMR.  The danger with re-encryption is
that the person the mail is being re-encrypted and sent to could be
changed to be the government.  However this presents more logistic
problems for the government than does the PGP Inc CMR method.

I switched to storage key recovery (not quite key escrow btw), because
I realised this was yet more resistant to being abused by governments.

The CDR (Corporate Data Recovery) proposal is that communications keys
would not be escrowed, and that messages would be only encrypted to
one key (the recipient's key).  Those emails which were archived, and
which the user considers important could be encrypted with the
recovered key.  The recovery information would be stored locally and
the software would attempt where possible to make it difficult to move
the recovery information off the machine.

> Or did that one turn out to be a non-starter too?

No.  

I think it is practical.  I also think that it is more resistant to
government abuse (where the worst form of government abuse is mass
keyword scanning of all messages.)

I haven't seen anyone able to argue against these two claims.  I
encourage anyone who can see technical objections, or objections to
the claim that this design is more resistant to abuse to speak up.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






