- To: fiff-l@dia.informatik.uni-stuttgart.de
- Subject: PGP55
- From: fiff@fiff.GUN.de
- Date: Thu, 16 Oct 97 17:10:45 PDT
Hallo Leute, folgende Mail zu PGP 5.5 koennte Euch vielleicht interessieren viele Gruesse Ingo PGP Inc.'s timing was very unfortunate, and I've told them so in rather heated language. But the PGP 5.5 corporate message recovery features are *not* key escrow or key recovery or trusted third party, and don't have anything to do with these concepts. They are a forced Cc to a corporate key. There is no back door, not escrow of user keys, no skeleton key, no repository of anything. It's a far more direct form of snooping, quite frankly - a form that Congress would not dare try to mandate. That would be the direct analog of making it illegal to make a phone call without getting an FBI agent on the line first. PGP's CMR features are an extreme specialty measure for high-security or mission-critical corporate circumstances of a particular kind, nothing more. The intallation for PGP 5.5 Corporate Edition even warns against using these features unless various extreme extra security measures are taken, since the CMR process introduces new security problems. It's a solution that certain does not scale very well at all. If congressfolks and anyone else who can make a difference are confusing this with industry adoption of key escrow they are completely and totally wrong and need to be corrected immediately. And in the case of any Administration people trying to confuse them, they need to be corrected publicly and with no mercy. -- Stanton McCandlish mech@eff.org Electronic Frontier Foundation Program Director http://www.eff.org/~mech +1 415 436 9333 x105 (v), +1 415 436 9333 (f) Are YOU an EFF member? http://www.eff.org/join