CDR: Re: SF Internet self-defense course

Bill Stewart bill.stewart at pobox.com
Wed Sep 13 04:35:01 PDT 2000


At 01:11 PM 8/29/00 +0200, Tom Vogt wrote:
>Tim May wrote:
>> >are you required to provide your private keys to an enemy (e.g. someone
>> >who is suing you) ?
..
>> I expect 95% or more of all encryption is done at the transport
>> layer, i.e., for transmission. Most people, I surmise, keep their
>> original compositions in unencrypted form and their decrypted
>> transmissions in that form, too. The perceived threat model is for
>> interception by ISPs, snoops, and government agencies.
>
>that's where good software comes in. mutt, for example, stores the
>received encrypted mail - well, encrypted. decryption is done when you
>view the mail. also, encrypted mails you send are encrypted twice - once
>with the recipient's key and sent to him, once with your key for your
>"outbox" archive.

The Eudora PGP Plug-In deliberately decrypts received mail 
and stores it unencrypted, specifically to discourage the
"You must escrow your private keys so we can decode your plaintext"
attacks that the FBI/NSA/WhiteHouse anti-crypto mafia were pushing
a couple of years ago.  That's a different issue from storing your
mailbox in a PGPdisk volume or some other encrypted filesystem
or having the mail decryptor re-encrypt for storage with a different key
(which wouldn't be that hard, since you could use a different
public key to encrypt the session key and leave the symmetric-encrypted 
part of the message alone.)
				Thanks! 
					Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
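
The re-encrypt-for-storage idea in the message above (wrap the same session key under a different public key and leave the symmetric-encrypted body alone), as an added sketch that is not part of the original post and not PGP's or any mail client's code. Assumptions: textbook RSA over small known primes and a SHA-256 keystream stand in for the real algorithms and are not secure, and all function and key names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_keypair(p, q):
    """Toy textbook-RSA key from two known primes (illustration only, NOT secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed keys: one used for transport, a different one for the stored mailbox.
TRANSPORT = make_keypair(2**89 - 1, 2**107 - 1)
STORAGE = make_keypair(2**61 - 1, 2**127 - 1)

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with SHA-256(key || offset) blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(pub_n, session_key):
    # Public-key step: only the 16-byte session key is encrypted this way.
    return pow(int.from_bytes(session_key, "big"), E, pub_n)

def unwrap(priv, message):
    return pow(message["wrapped_key"], priv["d"], priv["n"]).to_bytes(16, "big")

def encrypt(pub_n, plaintext):
    session_key = secrets.token_bytes(16)
    return {"wrapped_key": wrap(pub_n, session_key),
            "body": keystream_xor(session_key, plaintext)}

def decrypt(priv, message):
    return keystream_xor(unwrap(priv, message), message["body"])

def rewrap_for_storage(transport_priv, storage_n, message):
    """Re-key a received message: new wrapped key, body bytes untouched."""
    session_key = unwrap(transport_priv, message)
    return {"wrapped_key": wrap(storage_n, session_key), "body": message["body"]}
```

After `rewrap_for_storage`, the stored copy opens only with the storage private key, so the transport private key is no longer needed to read the archive.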
