PGP 5.5 CMR/GAK: a possible solution

Anonymous nobody at REPLAY.COM
Wed Oct 22 09:05:21 PDT 1997



mark at unicorn.com writes:

> When a customer wishes to send email to Joe, he would use this public key.
> When encrypting, PGP would detect the tag and put up a dialog box pointing
> out that this is a corporate key and if they click on the 'confidential'
> button it will be encrypted to the user's personal key prior to encrypting
> to the corporate key (by which I mean superencryption, to avoid traffic
> analysis). The default would be not to superencrypt; and as a side effect
> this system would be compatible with any version of PGP for
> non-confidential mail (assuming that version understands the encryption
> algorithms in use). 

Neat, automatic superencryption.

Could the same idea work with the Pgp method with the CMR key?  You
would encrypt to the user first, then reencrypt to the combination
of user and CMR key.

Would this prevent GAK?







More information about the cypherpunks-legacy mailing list