PGP Employee on MKR

Lucky Green shamrock at cypherpunks.to
Thu Oct 23 13:09:40 PDT 1997



I have watched this silly debate for some time now. PGP pulled an awesome
hack on corporate America, bringing strong crypto to thousands of
corporate drones, while Cypherpunks, the crypto elite, seems incapable of
responding with anything other than to engage in frenzied mutual
masturbation fueled by GAK fantasies.

This is sad. Very sad.

--Lucky

On Thu, 23 Oct 1997 mark at unicorn.com wrote:

> 
> 
> A PGP Employee wrote:
> >> Unfortunately these people just don't get it. Corporations refused
> >> to buy 5.0 because it did not have any way for the corps to get at
> >> email encrypted to their employees. There are some very legitimate
> >> uses of this, such as when an employee dies and someone else has
> >> to take over for them.
> 
> No, PGP Inc 'just don't get it'. I'm sure that there are plenty of people
> out there who disagree with the entire concept of CMR, and I'm not very
> happy with it myself. But that's not the most important issue here.
> 
> Since this point just doesn't seem to get through to PGP Inc employees, I'm
> going to shout.
> 
> FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT IS ONE STEP AWAY FROM
> GAK. FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT IS ONE STEP AWAY 
> FROM GAK! FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT IS ONE STEP 
> AWAY FROM GAK!! FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT IS ONE 
> STEP AWAY FROM GAK!! !!!*FORCING ENCRYPTION TO MULTIPLE KEYS FOR ONE RECIPIENT 
> IS ONE STEP AWAY FROM GAK*!!!
> 
> Is that clear enough? Do you understand what I (and, apparently, Adam Back
> and others) am saying now? The problem is not so much with the fact that
> you're supporting company needs, but with the way you're doing so.
> 
> >> They also don't seem to realize that you always have the ability
> >> to remove the MRK from your list of recipients.
> 
> Just as government-supported rating schemes are purely voluntary and will
> be so for, oh, I don't know, a couple of years? Once the infrastructure is
> there, we need only an executive order to make it mandatory. If this 
> software ships in its current form and becomes the dominant player in the
> market, in four or five years all keys will be GMR keys with the FBI or
> NSA as one mandatory recipient. You 'privacy zealots' will have created the
> government's surveillance infrastructure. I hope you'll feel proud.
> 
> >> Sometimes I really feel like screaming at these people. _All_ of
> >> the developers at PGP are personal privacy zealots and no one
> >> likes the idea of the MRK. 
> 
> Good. Then reimplement it to avoid giving the government a GAK/GMR
> infrastructure. Yesterday I posted a modified version of PGP's CMR to
> the cypherpunks list which can't be used for GAK because it only encrypts
> to one key; Jon Callas just told me I'd 'redesigned PGP 5.5'. Cool. I've
> redesigned PGP 5.5 so that it can't support GAK; in that case, please
> implement it, or accept that you're deliberately choosing to support the
> thugs in governments around the world and have become part of the problem.
> 
> >> That is why we refuse to make them
> >> required. 
> 
> Just 'mandatory voluntary' for companies which have your SMTP enforcer
> enabled. What's the difference?
> 
> >> Most everyone at PGP has
> >> internalized personal privacy as a cause (actually most had it
> >> before they joined PGP).
> 
> So prove it. Stop working on creating a GMR/GAK infrastructure. The current
> PGP CMR system has numerous problems which many people have pointed out on
> the cypherpunks list, and you'd do better to solve those problems rather 
> than see them in a major New York Times article about '101 Ways PGP 5.5 
> Harms Company Security'. How long will PGP Inc last when its reputation
> for providing secure products is in tatters, because it chose to release a
> product which deliberately reduced company security and opened them to new
> threats, rather than redesign their CMR to remove these problems?
> 
> The current CMR implementation is bad for us, bad for PGP Inc's commercial
> customers, and bad for PGP Inc. Why is this so hard for you to accept? Why
> ship a bad product when you can fix the problems?
> 
>     Mark
> 
> 


-- Lucky Green <shamrock at cypherpunks.to> PGP encrypted email preferred.
   "Tonga? Where the hell is Tonga? They have Cypherpunks there?"






