[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fwd: PGP55]





Hallo Leute,

folgende Mail zu PGP 5.5 koennte Euch vielleicht interessieren 

viele Gruesse
Ingo




PGP Inc.'s timing was very unfortunate, and I've told them so in rather
heated language.  But the PGP 5.5 corporate message recovery features are
*not* key escrow or key recovery or trusted third party, and don't have
anything to do with these concepts. They are a forced Cc to a corporate
key. There is no back door, not escrow of user keys, no skeleton key, no
repository of anything.  It's a far more direct form of snooping, quite
frankly - a form that Congress would not dare try to mandate. That would
be the direct analog of making it illegal to make a phone call without
getting an FBI agent on the line first.  PGP's CMR features are an extreme
specialty measure for high-security or mission-critical corporate
circumstances of a particular kind, nothing more.  The intallation for PGP
5.5 Corporate Edition even warns against using these features unless
various extreme extra security measures are taken, since the CMR process
introduces new security problems.  It's a solution that certain does not
scale very well at all.

If congressfolks and anyone else who can make a difference are confusing
this with industry adoption of key escrow they are completely and totally
wrong and need to be corrected immediately. And in the case of any
Administration people trying to confuse them, they need to be corrected
publicly and with no mercy.


--
Stanton McCandlish                                           mech@eff.org
Electronic Frontier Foundation                           Program Director
http://www.eff.org/~mech    +1 415 436 9333 x105 (v), +1 415 436 9333 (f)
Are YOU an EFF member?                            http://www.eff.org/join