Interesting People mailing list archives
IP: Re: P Key Escrow and Congress
From: David Farber <farber () cis upenn edu>
Date: Thu, 16 Oct 1997 10:53:11 -0400
From: Stanton McCandlish <mech () eff org>
Subject: Re: IP: PGP Key Escrow and Congress
To: farber () cis upenn edu
Date: Thu, 16 Oct 1997 03:45:27 -0700 (PDT)
X-EFF-General-Info: info () eff org
X-URL: http://www.eff.org/~mech
X-Mailer: ELM [version 2.4 PL25]

As someone who initially reacted as Bruce Schneier did, but who later took a step back and examined the details of the new PGP system, I have to say that there is a lot of misunderstanding going on here.

PGP 5.5 Corporate Edition does *not* do any form of key escrow. What it does instead is it forces users, if the company security admin so demands, to Cc a company key on any outgoing encrypted mail to a third party, and/or (these are separate options) reject incoming messages that are not Cc'd to that key.

[Note: By "Cc" I don't mean the Internet email carbon copy, but an analogous carbon copying in the actual encryption process, in which another, company, key is added to the decryption-capable recipients list, before any sending via email takes place.]

There is *no* relationship between what PGP 5.5 does, and key "escrow"/"recovery" or "trusted third party" GAK systems. Rather, what PGP 5.5 can be forced to do is analogous to requiring that no phone call be made w/o a company security officer being on the line before the outside party can talk to the company grunt. The PGP install process is careful to note that this is an extreme measure that actually introduces new security risks.

Any policymakers confusing this with GAK need to be disabused of this confusion immediately. There is *zero* connection between the two concepts, for any purposes relevant to FBI/NSA demands for GAK.[*] For a government to *mandate* a PGP 5.5-style system that provides govt. access is 100% analogous to a requirement that all phone calls must include an FBI agent on the line for surveillance purposes before the caller is connected to the callee. This is WAY beyond the pale of GAK, and something even Congress in its decidedly finite wisdom would not dare impose. Unless allowed to continue mistaking PGP 5.5 for GAK.

[* Government access to keys, a.k.a. key surrender, a.k.a. key "escrow" or "recovery", a.k.a. "trusted third party key systems".]

--
Stanton McCandlish mech () eff org
Electronic Frontier Foundation Program Director
http://www.eff.org/~mech
+1 415 436 9333 x105 (v), +1 415 436 9333 (f)
Are YOU an EFF member? http://www.eff.org/join

**************************************************
"Photons have neither morals nor visas" -- Dave Farber 1994
**************************************************