Re: Clarifications on PGP5 'vulnerabilities'
On Wed, Feb 11, 1998 at 11:40:55AM +0100, Lutz Donnerhacke wrote:
> > > The release of PGP 5.5 Business contains Company Message Recovery
> > > (CMR). Even release 5.0 supports CMR. What is CMR you might ask?
> > > It's similar to key recovery. You're sending an encrypted message
> > > and without your knowledge it's encrypted with a third key so your
> > > boss (or the government) may read it, too. Nifty feature, right?
> > Stop the FUD. That is an _optional_ feature, if you want
> > you can enable it -- if you don't, then _don't_.
> Stop here, guys. (And try to read my bad English)
> You are looking for a single line of code enabling third party access to any
> PGP message generated in past and future. Obviously such a line does not
> exist. The problem is much more complex.
Thank you for that message. I understand the possible effects
of these technologies, and agree that they must never be used
for ill purposes in such a wide scale. However, please keep
in mind that not all the world is USA or France (Finns have
quite strong opinions on individual freedom or whatever..)
The political side of this issue must not be forgotten, but
nothing in what you wrote means that PGP 5.x is anymore
"dangerous" than PGP 2.6.3i (to me, or to the way Debian uses
PGP signatures to authenticate packages). As such, I think
this issue does not belong to debian-devel, and the people
who wish to talk about the political effects of PGP Inc's
doings may very well do so -- just find some other forum.
PGP5 is _technically_ safe, but not _politically_.
End of thread, thank you.
--
tv-nospam-sig-1@hq.yok.utu.fi - it's a valid address w/o spam | +358-50-5124907
f u cn rd ths, thn u cn rd perl 2 | rm -rf / && echo bye-bye. | --tv
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: