[87909] in Cypherpunks
Re: What's really in PGP 5.5?
daemon@ATHENA.MIT.EDU (Adam Back)
Wed Oct 8 21:01:26 1997
Date: Thu, 9 Oct 1997 00:09:03 +0100
From: Adam Back <aba@dcs.ex.ac.uk>
To: jon@pgp.com
CC: schneier@counterpane.com, jon@pgp.com, cypherpunks@cyberpass.net,
risks@csl.sri.com, minow@apple.com
In-reply-to: <3.0.3.32.19971008143320.00a9be80@mail.pgp.com> (message from Jon
Callas on Wed, 08 Oct 1997 14:33:20 -0700)
Reply-To: Adam Back <aba@dcs.ex.ac.uk>
[cryptography snipped, Perry's killed the thread]
Jon Callas <jon@pgp.com> writes:
> At 08:48 PM 10/7/97 -0500, Bruce Schneier wrote:
> Jon Calis wrote:
> If this is true (and I have no reason to believe it isn't), then
> why is the key escrow code written (although not turned on) in
> the source code for 5.0 that was posted internationally from PGP?
>
> Bruce, I understand that you don't like any form of data recovery,
> but there is no key escrow in PGP. Perhaps we should talk about this
> on the phone.
Oooh. PGP Inc damage control mode on <clunk>!
We all would like to hear the reason too, Jon :-)
> Makes no sense.
Here are a couple of reasonably plausible ones:
- common source tree with #ifdefs for different products
- some functionality required even in non business version to inform
user about policy flag meanings
btw I didn't read the source code quoted so that second attempt at a
plausible reason might be a dud.
btw2: it isn't just Bruce that doesn't like key escrow.
btw3: your definition of "data recovery" is wrong.
Adam
--
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`