PGP Employee on MKR

mark at unicorn.com mark at unicorn.com
Fri Oct 24 04:55:36 PDT 1997 


>Mark, just remove the self signature on the user key. The message
>recovery key packet goes away! That's all you have to do. Is that
>so tough? This big threat, the dangerous CMR key, turns out to take
>two seconds of user actions to be destroyed. Something this easy to
>turn off will never be good enough for GAK.

Gosh, so I can just remove that packet and all my mail will bounce. What
fun. This seems to be one of the mantras which pro-PGP folks are chanting: 
'But there are easy ways to work around it, just modify your copy of PGP
and it will all work fine'. Indeed there are; I have no doubt that there
is no way that anyone could entirely prevent me from communicating privately
with a few people. But what happens when I want to check whether the local
Blockbuster have a copy of 'Debbie does Fort Meade'; will they have modified
their software so I can send mail to them without GMR? Of course not. So
99.9% of my mail will still be visible to the government.

>People say, "Oh, but then the government will make everybody run the
>policy enforcer and reject any mail not encryped to the government."
>First, if they were going to do this, they could do it with old versions
>of PGP too. Multiple recipients have been around practically forever.

*IT'S NOT THE MULTIPLE RECIPIENTS THAT ARE THE PROBLEM, IT'S BUILDING THE
'MANDATORY VOLUNTARY' MULTIPLE ENCRYPTION INTO EVERY COPY OF PGP WHICH IS
THE PROBLEM* This is the other mantra that PGP supporters chant 'Oh, but
it could all be done with PGP 2.6.2 and a few scripts'. Of course it could,
but only a few people would choose to use those filters. If the government
were to set up SMTP enforcers in various choke-points around the Net (and
I'm aware of the performance issues) then anyone using PGP would have to
encrypt to the 'voluntary' FBI key or lose their mail. The Feds aren't
going to issue every PGP user with scripts to do it, but if you build this
facility into the software they can use it.

>Second, it's a ridiculous idea which ignores how email works. More and
>more people are running systems at home which could send and receive
>SMTP mail. The trend is towards home servers which support the multiple
>home computers people will have in the next decade. There's no way to
>make those people run filters!

Duh, of course they won't. But that email will go out over a TCP link to
the SMTP port, where it can be checked on route by sniffers or proxies.
How did the Chinese and Singaporeans restrict Net access? By blocking
connections in the routers and Web proxies. This is the way to do it, not
to force everyone to run an SMTP enforcer on their personal machine. 

>It has to be suggested, because it's the only
>way this incredibly stupid scenario could be made to work. I can only
>assume that people are blinded by emotions or they wouldn't suggest such
>a bizarre idea.

Yes, I must be, mustn't I. I mean, the Feds would never pass a law 
mandating that all Internet providers must provide SMTP proxies which 
enforce the GMR and block other SMTP connections; after all, they never 
passed a law mandating that telephone companies must provide wiretap
access. Oh, they did, didn't they?

>If the only
>way the government can enforce GAK is by making it illegal for people to
>receive email through paths which don't pass through government filters
>we can all rest easy, because it will never happen.

Yes, which is why they won't do it that way. In my last job, any SMTP
access from my machine to any other on the Net was automatically routed
to our local SMTP server which acted as a proxy. Why can't the Feds do
this on the US Internet?

>Or superencrypt to the real end user, like you suggested in your scheme.
>Why is this OK as a privacy workaround for your idea but it doesn't
>count for PGP?

Firstly, that's not a "privacy workaround" in my system, it's to prevent
traffic analysis. Secondly, again it's a workaround which will only be
available to a small number of people. 

>Ignoring all the considerations above about what a stupid idea this is,
>the fact is that a simple filter like this is incredibly easy to write.

As I said before, the SMTP filter is not the evil aspect of your design,
it's the enforced encryption to multiple recipients.
 
>The fact is, nobody has come up with a scenario where PGP's CMR feature
>can be turned into GAK in any practical way. 

I just have. Now try to explain it away.

   Mark

More information about the cypherpunks-legacy mailing list