
Re: Bug#17959: pgp-i: new upstream version



Hi,

	Who the hell is the author? My estimation of his competence
 plummeted seconds into this mail. This is like the bozo in the Times
 of London who blasted unix in general as being for the techno nerds. 

	If PGP is installed without this option, then pgp does not
 also encrypt the message with the recovery key, and is every bit as
 secure as it was before.

>>"Martin" == Martin Schulze <joey@kuolema.Infodrom.North.DE> writes:

Martin> For the german speaking people: Please read
Martin> <URL:http://www.fen.baynet.de/datenschutz/ld_50.htm>, linked from

Martin> The release of PGP 5.5 Business contains Company Message
Martin> Recovery (CMR).  Even release 5.0 supports CMR.  What is CMR
Martin> you might ask? It's similar to key recovery.  You're sending
Martin> an encrypted message and without your knowledge it's encrypted
Martin> with a third key so your boss (or the government) may read it,
Martin> too.  Nifty feature, right?

	For god's sake. Similar to key recovery? Does he have any idea
 what security is? Or what a computer is? 

	Folks, this is a nice OPTIONAL FEATURE. The operative word is
 *optional*. 

	If I am dealing with valuable data at work, (as opposed to
 playing with encryption toys), I would appreciate this feature. This
 means that I can share data with the office in London, etc, but if my
 co-worker is on sick leave, we can still get hold of the data and
 work on it.

	It is stated up front, if you need message recovery (usually
 in a corporate setting), you have to set it up (tell pgp what the
 corporate key is, for example).

	Then the privacy umbrella is expanded to include the
 recipients, and the corporate recovery user. So data can't be lost
 because someone didn't come in to work.

	For private use, do not turn the feature on.


	It can't recover the message if you turn it on later. And
 never is any user's key recoverable (so people can't sign
 messages as you).

Martin> This normally won't work the other way round as a remote user
Martin> won't encrypt his message with the company's key, too.  To
Martin> enable this, additional fields were added (ARR - Additional
Martin> Recipient Record) that tell the other pgp program to encrypt
Martin> the message with an additional key so the company is still
Martin> able to decrypt it.

	This is an *option*. It would be nice if my work group had
 that. 

Martin> The commandline version of pgp 5.x doesn't provide queries
Martin> about the additional encryption.

Martin> As a side note this has made several people quite angry who
Martin> have scanned and proof-read the pgp books to get an
Martin> international pgp release.

	and who are intellectually challenged. Names, quotes, and
 references into the code, please. 

Martin> There are attempts to release a new version of pgp based on
Martin> 2.6.x. Lutz Donnerhacke is working on such a thing called pgp
Martin> 2.6in (cf 2nd link from above).

Martin> This CMR makes pgp quite useless.  Please think of it.

	This guy should run windows.

	manoj

-- 
 "Freedom" has no meaning of itself. There are always restrictions, be
 they legal, genetic, or physical. If you don't believe me, try to
 chew a radio signal. Kelvin Throop III
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

