Re: Just say NO to key escrow or CMR/ARR revisited

[Ian Brown <I.Brown@xxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----

> A completely bogus crux.  In *both cases* we are talking about
> encrypted email.  Therefore, in both cases we are talking about data
> sent across an insecure network.  Therefore, in both cases the FBI has
> access to the ciphertext.  In either case, data that doesn't get sent 
> across an insecure network is not the issue.
> 
> Forward secrecy in email is an orthogonal issue to CMR/key escrow.

Forward secrecy in email is orthogonal to this post.

In a CMR scheme, with a mandated government recipient, the ciphertext is
sent across an insecure network. There it can be intercepted and read by
any interested TLA.

In an escrow scheme - with escrow of either decryption keys or
ciphertext encrypted to a company/FBI key *inside an organisation* -
ciphertext *outside* the organisation is not encrypted to anyone except
the recipient. It can be intercepted but not read.

> You are not making any sense here.  CMR doesn't automatically give 
> keys to anyone.

No, I didn't say that. With a mandated government recipient, no keys
need to be handed over. The ciphertext can be read as is.

Ian.

-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.2.2

iQCVAgUBNGBAwppi0bQULdFRAQFa0gP9HHEEKHaU1gKGlj7ZZwgYg0raUURH1k+x
jpZ0AkaEfIHvl+y6RfDDwEO5o4h+Iwp+Ht3XFUAZH4x8qxxYHzb/tP6kbD2OdVCX
WLpQRA40c6AQSrZDnHSYgkN6wYzJxITJls0TWahPpVbmG7w7QdDMjFG/TFHG7pG0
uOJcrlQmFso=
=aSVC
-----END PGP SIGNATURE-----