(Fwd from f-c) Note from PGP employee on MRK

[Adam Back]

Declan <declan at well.com> forwards:
> >A friend of mine by the name of Jason Bobier <jason at pgp.com> happens
> >to work at PGP, Inc.  I'll preface his comments by pointing out that
> >I'm sure he doesn't speak for the company in any way.
> >
> >> Unfortunately these people just don't get it. Corporations refused
> >> to buy 5.0 because it did not have any way for the corps to get at
> >> email encrypted to their employees. There are some very legitimate
> >> uses of this, such as when an employee dies and someone else has
> >> to take over for them.

When someone dies, it seems to me that you are interested to get at
the archived email primarily, not the odd new emails which is
addressed to that employee.

Regardless, even if you did want to allow the company to be able to
spot check emails arriving for the employee it would simpler, to just
give the employees key to the company.  PGP employees seem to get
upset if you suggest giving companies copies of employess keys -- but
really what difference does it make if the company can read messages
addressed to you with their own key or with your key.

(Clearly in either case you can by pass the whole setup with
superencryption, or just by walking out of the building with a DAT
tape).

> >> Without corps buying the product, there is no PGP, Inc., and thus
> >> no dedication of resources to the production of PGP. This leads us
> >> back to the floundering state of development that PGP was in
> >> before 5.0.

Right.  So implement storage recovery, that's what the corp wants to
protect: data availability.

> >> They also don't seem to realize that you always have the ability
> >> to remove the MRK from your list of recipients.

However, in some circumstances this ability doesn't help you much:
because if the recipient is working for a company running pgp5.5 set
up strictly, it'll bounce your mail unless you keep the "MRK" on the
list of recipients.

> >> Sometimes I really feel like screaming at these people. _All_ of
> >> the developers at PGP are personal privacy zealots and no one
> >> likes the idea of the MRK. That is why we refuse to make them
> >> required. 

The SMTP policy enforcer which bounces mails which don't have extra
CMR crypto-recipients seems to fly in the face of your claimed
refusal.

Yes you can hack around it, yes it's optional, but PGP Inc wrote it,
and provides facilities to enforce this behaviour for those that chose
to use it in that mode.

> >> It is also why there still are freeware and personal
> >> versions of the product. 

pgp5.5 freeware/personal use also knows how to comply with CMR request
from someone using a company account with policy enforcer, and
strict settings.

> >> I wish they would just realize that we
> >> aren't some evil group of people that are solely plotting how to
> >> make the most money off of this. Most everyone at PGP has
> >> internalized personal privacy as a cause (actually most had it
> >> before they joined PGP).

I'm not sure that many people have accused PGP of being "evil" or
plotting to sell us out for money.

What many have said though is that there are better ways to implement
corporate data recovery disaster recovery procedures than PGP have
implemented; ways which are much more resistant to abuse by
government.

There isn't that much objection to companies having what ever access
they want; certainly not much for data recovery.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`