PGP Employee on MKR
mark at unicorn.com
mark at unicorn.com
Thu Oct 30 06:00:49 PST 1997
I wrote:
> stewarts at ix.netcom.com wrote:
>
> > Not true - you can't implement CMR without a mail enforcer unless
> > you can stop your employees from using non-CMR versions of PGP,
> > which is nearly impossible.
>
> No, you can't enforce corporate snooping without a mail enforcer. You can
> meet the corporate demands which PGP claim to be supporting without a
> mail enforcer. There's a difference.
Actually, that's not entirely true. My suggested CMR replacement will
work happily with non-CMR versions of PGP; they would simply encrypt to
the default key, regardless of whether that was a group key or an
individual's key. Hence the corporation can choose how non-CMR versions
will interact by choosing whether to make the group key or the individual
key the default choice. This even gives users an incentive to upgrade,
rather than the current disincentive to downgrade to snoopware.
Of course it still doesn't enforce snooping, since you could just
seperate the individual key from the default group key and encrypt to
that.
Mark
More information about the cypherpunks-legacy
mailing list