[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: comments on PGP *5*

In article <19980913232759.A23249@earthlink.net>,
	knghtbrd@earthlink.net (Joseph Carter) writes:
> PGP v5 supports key escrow and it can be used without your knowledge or
> consent with v5.x, though it can only be specifically enabled in 5.5+ I

IIRC PGP5 can be configured, by your sysadmin, to automatically encrypt
a outgoing message session key with a "corporate public-key" in addition
to the recipient's public-key. And that PGP5 can be configured to refuse
to decrypt messages when the session key was not encrypted with the
"corporate public-key". As I understand it this NOT key-escrow.

AFAIK PGP5 does not provide a mechanism to force you to send a copy of
your private key to an "Offical Key Escrow Authority". And that the
"key-recovery" feature has no effect on users of "PGP For Personal
Provacy" (the non-corporate version).

Please correct me if I am wrong...

||k || Steve Kostecke                |  Debian GNU/Linux
||__|| steve@kostecke.net            |  The Open Source(R) Operating System
|/__\| http://kostecke.home.ml.org   |  http://www.debian.org

Reply to: