Re: Bug#17959: pgp-i: new upstream version
- To: debian-devel@lists.debian.org
- Subject: Re: Bug#17959: pgp-i: new upstream version
- From: kaih@khms.westfalen.de (Kai Henningsen)
- Date: 10 Feb 1998 20:21:00 +0200
- Message-id: <[🔎] 6nbYIBAmw-B@khms.westfalen.de>
- In-reply-to: <877m744cut.fsf@tiamat.datasync.com>
- References: <19980208202148.20462.qmail@kitenet.net> <19980208220606.45172@kuolema> <87d8gxoapy.fsf@tiamat.datasync.com> <19980209223512.11868@kuolema> <877m744cut.fsf@tiamat.datasync.com>
srivasta@datasync.com (Manoj Srivastava) wrote on 09.02.98 in <877m744cut.fsf@tiamat.datasync.com>:
> >>"Martin" == Martin Schulze <joey@kuolema.Infodrom.North.DE> writes:
>
> Martin> [1 <text/plain; iso-8859-1 (quoted-printable)>] On Sun, Feb
> Martin> 08, 1998 at 06:58:33PM -0600, Manoj Srivastava wrote:
>
> >> Though I do not hail from the show-me state, when it comes to
> >> matters of security, and wild accusations like this:
>
> Martin> ... it is also said that it [pgp 5.0] contains hooks for key
> Martin> escorow which makes it useless.
> >> Show me. The code is out there. I have looked at it. Show me where
> >> the hooks for key escrow are.
>
> Martin> Please as Lutz Donnerhacke <lutz@as-node.jena.thur.de>. I
> Martin> know it from him and he *has* looked at the code, according to
> Martin> my knowledge.
>
> That is getting too far removed. I heard from a friend who
> heard from a friend who heard from a friend who had looked at
> the code ...
Lutz is a member of the IETF working group[1] that is writing the OpenPGP
standard. He wrote one of two versions of the first draft; the current
draft still includes much text from him, I believe (the current editor is
a guy from PGP, Inc. [jon@pgp.com]). He's also currently writing a
reference implementation of OpenPGP.
Lutz also created the PGP 2.6.3in version, mucho improvements (bugs fixed,
better support for features like signature-only and encryption-only keys
and key expiry, and so on - I'm currently using that version).
Lutz is also the head of the IN CA (the certification authority of the
Individual Network e.V. - the guys that made the congress in Aachen where
Joey was responsible for the slightly suboptimal key signing session).
Lutz is also a former moderator from de.admin.news.announce.
He's a nice guy, and he's also competent, especially wrt pgp.
As to his claims, you'd better look for yourself.
Type Bits/KeyID Date User ID
pub 2048/39F37F5D 1996/04/25 Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
sig F6599E8D bruce@debian.org
sig* C26EE891 wagner@debian.org
sig 4A725F31 Kai Henningsen <kai@debian.org>
sig 50F32125 Jens Immig <jim@gecko.de>
sig 0C9857A5 Werner Koch <werner.koch@guug.de>
sig ED9547ED Wichert Akkerman <wichert@wi.leidenuniv.nl>
sig 672D05C1 J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>
sig DB089309 Lutz Donnerhacke <lutz@iks-jena.de>
sig F081195D Matthias Bauer <matthiasb@acm.org>
sig A2C51749 Bernd Eckenfels <ecki@lina.inka.de> HSK
sig 39F37F5D Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
Lutz Donnerhacke <lutz@dana.de>
sig 39F37F5D Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
pub 1127/DB089309 1997/03/17 Lutz Donnerhacke <lutz@iks-jena.de>
sig 39F37F5D Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
sig DB089309 Lutz Donnerhacke <lutz@iks-jena.de>
2 matching keys found.
> I have seen your work. I do not know Lutz Donnerhacke
> <lutz@as-node.jena.thur.de>.
Well, now you know a little bit more.
> >> If you can't find any, please do not make accusations like this.
>
> Martin> What I've gotton from hime is not really key escorow but
> Martin> message recovery.
>
> And message recovery is a good thing. Espescially for
> companies and people with valuable data, rather than peopl
> just playing with encription.
Incidentally, the general consensus of said IETF group is that it is so
much of a good thing that they aren't even going to document it - except
to say to ignore this.
Somehow, I have more trust in that group's competence than in yours, in
matters like this.
MfG Kai
[1] In case you're interested, the mailing list is ietf-open-pgp@imc.org,
subscribe via the usual -request mechanism; an archive can be found
somewhere on http://www.imc.org. (IMC is the Internet Mail Consortium,
incidentally; they host lots of IETF mailing lists if they are even
remotely connected with mail. And IETF, of course, is the Internet
Engineering Task Force - the guys responsible for all the standards track
RFCs.) The drafts, on all the usual Internet draft mirrors, are named
draft-ietf-openpgp-*.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: