PGP 5.5 CMR/GAK: a possible solution

Tim May tcmay at got.net
Wed Oct 22 13:25:05 PDT 1997
At 3:02 AM -0700 10/22/97, mark at unicorn.com wrote:

>The current system sends out a user's personal key, with a tag to say that
>if I don't encrypt to the company as well, my mail will bounce. But think
>about this: how often do I want to send email to a particular person in a
>company, and ensure that only they see it? And how often do I want to send
>mail to a particular group inside a company? All I want is to ensure that
>I get a response from the company, I usually don't care who I talk to in the
>process.

Our mileages apparently vary. When _I_ send a message to, say, Jon Callas
at PGP, Inc., it is to Jon Callas, not to others. It might be a job offer,
it might be an invitation for him to help monkeywrench CMR, it might be a
stock tip, it might be a comment about a conversation we had at a party, it
might be a lot of things.

If I was sending it to "Jon's coworkers in Department Z," I probably either
wouldn't encrypt it at all, or would (if the option existed) encrypt to
some departmental or group key.

In fact, addressing your "how often do I want to send email to a particular
person in a company, and ensure that only they see it?" point, I'd say that
virtually all I've sent is of this "to one person and not to others" sort.
Sure, sometimes I send bug reports to software vendors and to my ISP, and
then I don't know, or care, who reads it.

But if I send mail to Vinnie, or to Phil, or to Dave, or to Jon, I expect
it'll go to them and to them alone. Who they show it to afterwards is,
obviously, beyond my control and outside the scope of cryptography.

I don't dispute the "right" of a business owner to enforce use of CMR on
his employees, or to bounce my mail for failing to properly CMR the message
I send.

I expect those who adopt CMR will find an awful lot of folks will just give
up on trying to communicate with those living in a CMR regime. A lot of
folks will be using older, non-CMR, versions of PGP for many years to come.
(Even if older versions support the additional CMR keys, which I'm sure
they could do by adding the CMR key to the appropriate keyring, a lot of
folks will just skip the additional complexity...when they want to send a
message to someone, they won't want to bother with additional keys, bounced
messages, etc.)

Now what Phil, Vinnie, Dave, and Jon will likely do if CMR is enforced
within PGP, Inc. is to tell those who want to send them job offers,
personal messages, etc. to use back channels, e.g., prz at acm.org, AOL
accounts, hotmail accounts, etc.

So much for Corporate Message Recovery.

--Tim May



The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."