Re: Bug#17959: pgp-i: new upstream version

To: debian-devel@lists.debian.org
Subject: Re: Bug#17959: pgp-i: new upstream version
From: kaih@khms.westfalen.de (Kai Henningsen)
Date: 10 Feb 1998 20:21:00 +0200
Message-id: <[🔎] 6nbYIBAmw-B@khms.westfalen.de>
In-reply-to: <877m744cut.fsf@tiamat.datasync.com>
References: <19980208202148.20462.qmail@kitenet.net> <19980208220606.45172@kuolema> <87d8gxoapy.fsf@tiamat.datasync.com> <19980209223512.11868@kuolema> <877m744cut.fsf@tiamat.datasync.com>

srivasta@datasync.com (Manoj Srivastava)  wrote on 09.02.98 in <877m744cut.fsf@tiamat.datasync.com>:

> >>"Martin" == Martin Schulze <joey@kuolema.Infodrom.North.DE> writes:
>
> Martin> [1 <text/plain; iso-8859-1 (quoted-printable)>] On Sun, Feb
> Martin> 08, 1998 at 06:58:33PM -0600, Manoj Srivastava wrote:
>
> >> Though I do not hail from the show-me state, when it comes to
> >> matters of security, and wild accusations like this:
>
> Martin> ... it is also said that it [pgp 5.0] contains hooks for key
> Martin> escorow which makes it useless.
> >>  Show me. The code is out there. I have looked at it. Show me where
> >> the hooks for key escrow are.
>
> Martin> Please as Lutz Donnerhacke <lutz@as-node.jena.thur.de>.  I
> Martin> know it from him and he *has* looked at the code, according to
> Martin> my knowledge.
>
> 	That is getting too far removed. I heard from a friend who
>  heard from  a friend who heard from a friend who had looked at
>  the code ...

Lutz is a member of the IETF working group[1] that is writing the OpenPGP  
standard. He wrote one of two versions of the first draft; the current  
draft still includes much text from him, I believe (the current editor is  
a guy from PGP, Inc. [jon@pgp.com]). He's also currently writing a  
reference implementation of OpenPGP.

Lutz also created the PGP 2.6.3in version, mucho improvements (bugs fixed,  
better support for features like signature-only and encryption-only keys  
and key expiry, and so on - I'm currently using that version).

Lutz is also the head of the IN CA (the certification authority of the  
Individual Network e.V. - the guys that made the congress in Aachen where  
Joey was responsible for the slightly suboptimal key signing session).

Lutz is also a former moderator from de.admin.news.announce.

He's a nice guy, and he's also competent, especially wrt pgp.

As to his claims, you'd better look for yourself.

Type Bits/KeyID    Date       User ID
pub  2048/39F37F5D 1996/04/25 Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
sig       F6599E8D             bruce@debian.org
sig*      C26EE891             wagner@debian.org
sig       4A725F31             Kai Henningsen <kai@debian.org>
sig       50F32125             Jens Immig <jim@gecko.de>
sig       0C9857A5             Werner Koch <werner.koch@guug.de>
sig       ED9547ED             Wichert Akkerman <wichert@wi.leidenuniv.nl>
sig       672D05C1             J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>
sig       DB089309             Lutz Donnerhacke <lutz@iks-jena.de>
sig       F081195D             Matthias Bauer <matthiasb@acm.org>
sig       A2C51749             Bernd Eckenfels <ecki@lina.inka.de> HSK
sig       39F37F5D             Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
                              Lutz Donnerhacke <lutz@dana.de>
sig       39F37F5D             Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
pub  1127/DB089309 1997/03/17 Lutz Donnerhacke <lutz@iks-jena.de>
sig       39F37F5D             Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
sig       DB089309             Lutz Donnerhacke <lutz@iks-jena.de>
2 matching keys found.

> 	I have seen your work. I do not know Lutz Donnerhacke
>  <lutz@as-node.jena.thur.de>.

Well, now you know a little bit more.

> >> If you can't find any, please do not make accusations like this.
>
> Martin> What I've gotton from hime is not really key escorow but
> Martin> message recovery.
>
> 	And message recovery is a good thing. Espescially for
>  companies and people with valuable data, rather than peopl
>  just playing with encription.

Incidentally, the general consensus of said IETF group is that it is so  
much of a good thing that they aren't even going to document it - except  
to say to ignore this.

Somehow, I have more trust in that group's competence than in yours, in  
matters like this.

MfG Kai

[1] In case you're interested, the mailing list is ietf-open-pgp@imc.org,  
subscribe via the usual -request mechanism; an archive can be found  
somewhere on http://www.imc.org. (IMC is the Internet Mail Consortium,  
incidentally; they host lots of IETF mailing lists if they are even  
remotely connected with mail. And IETF, of course, is the Internet  
Engineering Task Force - the guys responsible for all the standards track  
RFCs.) The drafts, on all the usual Internet draft mirrors, are named  
draft-ietf-openpgp-*.

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Bug#17959: pgp-i: new upstream version
  - From: Manoj Srivastava <srivasta@datasync.com>

Prev by Date: Driver for Hercules Stingray 128/3D ?
Next by Date: Re: Help switching maintainers
Previous by thread: Re: Bug#17959: pgp-i: new upstream version
Next by thread: Re: Bug#17959: pgp-i: new upstream version
Index(es):
- Date
- Thread