
PGP wants to enshrine GAK in the RFC




In short: PGP Inc. is now trying, in the IETF's OpenPGP working group, to
      tie its mandatory GAK dreams into the RFC that is to be written. There
      is fierce protest on the mailing list, because the IETF, in an older
      statement, forbids the use of weak procedures and methods.

[Discussion only on krypto@rhein-main.de, please]

Message-ID: <199710110816.JAA00177@server.test.net>
From: Adam Back <aba@dcs.ex.ac.uk>
To: coderpunks@toad.com

[Even though this involves politics, it is highly relevant coderpunks
material as the arguments are very technically driven.  A lot of the
crypto literate cypherpunks have migrated to coderpunks/cryptography,
and feel this argument could use your, the coderpunks reader's, input]

So, this is just a short note to encourage those of you who are
concerned about PGP Inc's move to include GAK compliance to subscribe
to the IETF OpenPGP list by sending an email with body:

	subscribe ietf-open-pgp

to	<majordomo@imc.org>

A short summary of what the beef is in my view: On cypherpunks and
OpenPGP some of us have been arguing that PGP's method of implementing
a form of corporate message snooping results in GAK compliance in PGP
products.  PGP is attempting to persuade the IETF to include this GAK
compliance feature into the now IETF controlled OpenPGP standard.

The argument against their method (and there are other methods which
can implement their perceived business requirement for message
snooping) is that by putting GAK compliance into the OpenPGP
standard, we will have lost major ground in the fight against the US
administration's attempt to institute mandatory GAK.  Even if PGP is
sincere in their claim of never allowing use of their products for
mandatory GAK, there are competitors such as perhaps IBM, or TIS who
will be all too happy to implement the thus enabled OpenPGP compatible
mandatory GAK.

The opportunity to use the government's own strategy of enforcing
non-compliance to non-GAK products (as some of you will remember in
the Clipper IV software key escrow criteria of last year) in reverse
and make it non-compliant with the OpenPGP standard to implement GAK
is too good a monkey-wrenching opportunity for PGP Inc to throw away
lightly.  I feel this point may have major significance in the
on-going fight against GAK.

Thanks for your attention,

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`