Michael Langer on Sat, 18 Oct 1997 18:58:07 +0200 (MET DST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> rumours on PGP 5.5

>From: fiff@fiff.GUN.de
>Date: Thu, 16 Oct 97 17:10:45 PDT
>PGP Inc.'s timing was very unfortunate, and I've told them so in rather
>heated language.  But the PGP 5.5 corporate message recovery features are
>*not* key escrow or key recovery or trusted third party, and don't have
>anything to do with these concepts. They are a forced Cc to a corporate
>key. There is no back door, not escrow of user keys, no skeleton key, no
>repository of anything.  It's a far more direct form of snooping, quite
>frankly - a form that Congress would not dare try to mandate. That would
>be the direct analog of making it illegal to make a phone call without
>getting an FBI agent on the line first.  PGP's CMR features are an extreme
>specialty measure for high-security or mission-critical corporate
>circumstances of a particular kind, nothing more.  The intallation for PGP
>5.5 Corporate Edition even warns against using these features unless
>various extreme extra security measures are taken, since the CMR process
>introduces new security problems.  It's a solution that certain does not
>scale very well at all.
>If congressfolks and anyone else who can make a difference are confusing
>this with industry adoption of key escrow they are completely and totally
>wrong and need to be corrected immediately. And in the case of any
>Administration people trying to confuse them, they need to be corrected
>publicly and with no mercy.
>Stanton McCandlish                                           mech@eff.org
>Electronic Frontier Foundation                           Program Director
>http://www.eff.org/~mech    +1 415 436 9333 x105 (v), +1 415 436 9333 (f)

#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@icf.de and "info nettime" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner@icf.de