
Re: Just say NO to key escrow or CMR/ARR revisited



At 13:25 -0700 on 11/5/97, Jon Callas wrote:
> At 08:04 AM 11/5/97 -0800, mark@xxxxxxxxxxx wrote:
>    I have no great problem with defining the necessary flags and tags
>    as 'implementation defined' so that non-CMR applications won't barf
>    when they see them, but I certainly do not want to have to build
>    snoopware into my applications in order to comply with the standard.
>
> This is *PRECISELY* what my original suggestion was. I think this is why
> some people talk about "fear mongering." No one has ever suggested anything
> by just defining the tags, and leaving treatment up to the application,
> except the fear mongers.
>


It is not fear-mongering to request that the tags not even be defined
because they unnecessarily weaken the security of the standard.

Please, let's not place hooks that can easily be abused to require
encryption to 3rd party keys into the standard.  Enforcement of such
requirements by software such as PGP's SMTP agent is an all too real
possibility (er, that exists already, doesn't it?).

Also, use of "recovery" keys to which a large amount of traffic is
encrypted merely provides a high value key as a target for attack, by any
adversary, government or not.

Instead, let's leave message recovery up to the implementors of individual
applications, as an added feature not part of the official open-pgp
standard.  Those who sell into markets where such features are desired can
add them.  The rest of the world will not have to be forced to go along.


Richard