Re: Bug#17959: pgp-i: new upstream version

To: kaih@khms.westfalen.de (Kai Henningsen)
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#17959: pgp-i: new upstream version
From: Manoj Srivastava <srivasta@datasync.com>
Date: 11 Feb 1998 00:09:43 -0600
Message-id: <[🔎] 87ra5aisew.fsf@tiamat.datasync.com>
In-reply-to: kaih@khms.westfalen.de's message of "10 Feb 1998 20:21:00 +0200"
References: <19980208202148.20462.qmail@kitenet.net> <19980208220606.45172@kuolema> <87d8gxoapy.fsf@tiamat.datasync.com> <19980209223512.11868@kuolema> <877m744cut.fsf@tiamat.datasync.com> <[🔎] 6nbYIBAmw-B@khms.westfalen.de>

Hi,

	FUD, FUD, FUD.

>>"Kai" == Kai Henningsen <kaih@khms.westfalen.de> writes:

Kai> Incidentally, the general consensus of said IETF group is that it
Kai> is so much of a good thing that they aren't even going to
Kai> document it - except to say to ignore this.

	Have you actually read the discussion? Firstly, Your key can't
 be recovered, so it is *NOT* key escrow. Anyone who says that is
 either incompetent, or deliberately misleading. I think maybe it is
 the latter case. Second, it is an optional feature.

	The group is getting all hot and bothered because this is one
 step closer to Government Accessed Keys, and how the people holding
 the message recovery key have too much power (like reading the mail
 of everyone else). And that there is no distinction between storage
 keys and transmission keys (which should never be recoverable, they
 say. Yes, if one is that uncertain of the intent of the owner of the
 machine or of the person using it, sure, don't use message
 recovery. I guess I am not paranoid enough about the governement
 accessible key threat looming over all of humanity (or black
 helicopter that spy on me at night).

	Message recovery is a tool. It can be misused, like having
 root passwords can be misused. Anything powerful or useful can be
 dangerous. 

	It is an OPTION.

	So we have come to censoring our userbase because we do not
 think they are competent enough to handle the tools that are out
 there? Coming to think of it. I think I like a message recovery key
 for me. (If someone forced me to give a key to read my data, I can
 give them my recovery key, and not my ME key. This is important). Why
 should corporations not have access to their documents no matter
 what? (Don't use this system for your private data, then).

	Message recovery can be used for good too.

Kai> Somehow, I have more trust in that group's competence than in
Kai> yours, in matters like this.

	I think you should be building your confidence in yourself,
 and actually looking at the issues rather than taking the word of a
 god-guru. 

	Just because they can send mail to majordomo does not make
 them competent. (I know the same argument applies to me too. So look
 for yourself and decide).
	
	manoj

 Apart from the essay below, also look at
 <URL:http://www.imc.org/ietf-open-pgp/mail-archive/0228.html>

Attachment: 0226.txt
Description: Binary data

-- 
 They are all fickle but one, sir. A West Point Cadet's answer to,
 "How are they all?"  (Suggestions as to what this could have meant
 are appreciated).
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to:

References:
- Re: Bug#17959: pgp-i: new upstream version
  - From: kaih@khms.westfalen.de (Kai Henningsen)

Prev by Date: autoup.sh & considerations on bail-out scripts
Next by Date: Re: Help switching maintainers
Previous by thread: Re: Bug#17959: pgp-i: new upstream version
Next by thread: Re: md5sums files (was Re: over 30000 bugs in our archive (!))
Index(es):
- Date
- Thread