Re: Bug#17959: pgp-i: new upstream version
Hi,
Who the hell is the author? My estimation of his competence
plummeted seconds into this mail. This is like the bozo in the Times
of london who blasted unix in general as being for the techno nerds.
If PGP is installed without this option, then pgp does not
also encrypt the message with the recovery key, and is every bit as
secure as it was before.
>>"Martin" == Martin Schulze <joey@kuolema.Infodrom.North.DE> writes:
Martin> For the german speaking people: Please read
>> URL:http://www.fen.baynet.de/datenschutz/ld_50.htm>, linked from
Martin> The release of PGP 5.5 Business contains Company Message
Martin> Recovery (CMR). Even release 5.0 supports CMR. What is CMR
Martin> you might ask? It's similar to key recovery. You're sending
Martin> an encrypted message and without your knowledge it's encrypted
Martin> with a third key so your boss (or the government) may read it,
Martin> too. Nifty feature, right?
For gods sake. Similar to key recovery? does he have any idea
what security is? or what a computer is?
Folks, this is a nice OPTIONAL FEATURE. The operative word is
*optional*.
If I am dealing with valuable data at work, (as opposed to
playing with encription toys), I would appreciate this feature. This
means that I can share data with the office on London, etc, but if my
co-worker is on sick leave, we can still get hold of the data and
work on it.
It is stated up front, if you need message recovery (usually
in a corporate setting, you have to set it up (tell pgp what the
corporate key is, for example).
Then the privacy umbrella is expanded to include the
recipients, and the corporate recovery user. So data can't be lost
because someone didn't come in to work.
For private use, do not turn the feature on.
It can't recover the message if you turn it on later. And
never is any users key recoverable (so people can't sign
messages as you.
Martin> This normally won't work the other way round as a remote user
Martin> won't encrypt his message with the company's key, too. To
Martin> enable this additional fields were added (ARR - Additional
Martin> Recipient Record) that tell the other pgp program to encrypt
Martin> the message with an additional key so the company is still
Martin> able to decrypt it.
This is an *option*. It would be nice if my work group had
that.
Martin> The commandline version of pgp 5.x doesn't provide queries
Martin> about the additional encryption.
Martin> As a side note this has made several people quite angry who
Martin> have scanned and proof-read the pgp books to get an
Martin> international pgp release.
and who are intellectually challenged. Names, quotes, and
references into the code, please.
Martin> There are attempts to release a new version of pgp based on
Martin> 2.6.x. Lutz Donnerhake is working on such a thing called pgp
Martin> 2.6in (cf 2nd link from above).
Martin> This CMR makes pgp quite useless. Please think of it.
This guy should run windows.
manoj
--
"Freedom" has no meaning of itself. There are always restrictions, be
they legal, genetic, or physical. If you don't believe me, try to
chew a radio signal. Kelvin Throop III
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: