
backdoor in pgp5.0i?


Hans-Christian Grosz

Dec 27, 1997, 3:00:00 AM

I was told that the pgp 5.0i has a backdoor, and that even Phil
Zimmermann has confirmed that.

Please could someone email me, whether that's true, and if yes, what
non-us-freeware-version should one use.

Thanx in advance

For email-replies, please remove the -REMOVE at the end
of my address

Vaya con dios,
Hans-Christian

* InterNet: e942...@student.tuwien.ac.at-REMOVE
* FidoNet: 2:310/73.2620
* PGP available

Anthony E. Greene

Dec 27, 1997, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 27 Dec 1997 04:04:09 GMT, e942...@student.tuwien.ac.at-REMOVE (Hans
Christian Grosz) wrote:

>I was told that the pgp 5.0i has a backdoor, and that even Phil
>Zimmermann has confirmed that.

Tell the person who told you that to download the source code from
<http://www.pgpi.com/> and show you the back door. The PGP FAQ has a section
that talks about this too <http://www.pgp.net/pgpnet/pgpfaq/>.

PGP is the only freely available encryption software with freely available
source code. Anyone can download the code and satisfy themselves of its
integrity, including your doubting friend. The source code is FREE. No need
to listen to rumors. Compare this openness with other encryption packages
you've been told are trustworthy.

>Please could someone email me, whether thats true, and if yes, what
>non-us-freeware-version should one use.

Get the latest version that runs on your computer from
<http://www.pgpi.com/>.

Tony

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

-----END PGP SIGNATURE-----


P.S. PGP 5.5 (freeware) users will not be able to verify this
signature, although I can verify theirs. PGP 5.0 users can talk
to everyone. See link below.
-------------------------------------------------------------
Anthony E. Greene <NoS...@pobox.com> NoSpam=agreene
Use PGP -- Envelopes and Signatures for Email
What is PGP? <http://www.pobox.com/~agreene/pgp/>
My PGP Key: <http://www.pobox.com/~agreene/pgp/agreene.key>
FREEWARE Win95 PGP 5.0: <http://web.mit.edu/network/pgp.html>
-------------------------------------------------------------

ro...@127.0.0.1

Dec 27, 1997, 3:00:00 AM

On 12/26/97, Anthony E. Greene wrote:

>On Sat, 27 Dec 1997 04:04:09 GMT, (Hans Christian Grosz) wrote:
>
> > I was told that the pgp 5.0i has a backdoor, and that even Phil
> > Zimmermann has confirmed that.
>
> Tell the person who told you that to download the source code from
> <http://www.pgpi.com/> and show you the back door.

In theory of course, this is possible. In practice however, it is
less so. I've personally looked through the PGP source, something
I've done since the 2.3 days. But regardless of how fluent my
knowledge of C and programming, my inadequate knowledge of cryptographic
methods and security weaknesses makes checking for backdoors quite
futile. You see, there are many subtle ways of putting in backdoors
that would be nearly undetectable even if you read the source
carefully. Just as an example, you could program the key generation
routine to choose IDEA keys from a much smaller subset of the real
keyspace than is indicated by the keysize, making a brute force attack
possible. This kind of backdoor would be nearly invisible to anyone
except an expert reading the code. The trick of a good backdoor is
not to put in suspicious extra code, but to make the existing code
function in ways slightly different than it should. Subtle
differences that can be hidden in the algorithm rather than the
implementation.

You don't really expect backdoor code to be surrounded with comments
/* BACKDOOR ENTRY HERE */, do you?

So even with source code, we really still have to rely on lots of
knowledgeable people reading and understanding the inner workings of
the code to tell us whether it is truly secure. That's life.

Don't misunderstand me. I personally don't believe there is a
backdoor in PGP. But it's just an opinion.
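
Added example (not part of the post above): the reduced-keyspace flaw it describes is hard to spot by reading source, but it can be checked from the outside, because a generator that draws from a small subset repeats keys far sooner than a sound one. The `weak_keygen` below is a constructed stand-in for such a flaw, and all function names are assumptions made for this illustration.

```python
import hashlib
import math
import os
import random


def weak_keygen(rng):
    """Constructed flaw: a 128-bit key derived from only 16 bits of entropy.

    Every key looks random, but only 2**16 distinct keys can ever appear.
    """
    seed = rng.getrandbits(16).to_bytes(2, "big")
    return hashlib.sha256(b"session-key" + seed).digest()[:16]


def sound_keygen():
    """Reference generator: 128 bits straight from the OS CSPRNG."""
    return os.urandom(16)


def ones_fraction(keys):
    """Fraction of 1 bits over all keys (close to 0.5 for both generators)."""
    ones = sum(bin(int.from_bytes(k, "big")).count("1") for k in keys)
    return ones / (len(keys) * 8 * len(keys[0]))


def audit_keygen(gen, samples=2000):
    """Black-box audit: draw keys and count repeats (birthday test).

    With k samples from a space of N keys, about k*(k-1)/(2*N) repeats are
    expected, so the observed repeat count gives an estimate of N.
    A run with no repeats only shows that N is well above k*k/2; it cannot
    prove that the full keyspace is in use.
    """
    keys = [gen() for _ in range(samples)]
    repeats = samples - len(set(keys))
    if repeats:
        estimated_bits = math.log2(samples * (samples - 1) / (2 * repeats))
    else:
        estimated_bits = None
    return {
        "samples": samples,
        "repeats": repeats,
        "estimated_bits": estimated_bits,
        # Bit balance is reported to show that it does NOT reveal the flaw.
        "ones_fraction": ones_fraction(keys),
        # Subsets larger than this many bits are invisible at this sample size.
        "detection_limit_bits": math.log2(samples * samples / 2),
    }


if __name__ == "__main__":
    rng = random.Random(1997)  # fixed seed so the run is repeatable
    print("weak :", audit_keygen(lambda: weak_keygen(rng)))
    print("sound:", audit_keygen(sound_keygen))
```

The bit-balance figure is near 0.5 for both generators, which is why casual inspection of output does not help; only the repeat count separates them, and only for subsets below the reported detection limit.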

Fred Wright

Dec 28, 1997, 3:00:00 AM

In comp.security.pgp Hans-Christian Grosz <e942...@student.tuwien.ac.at-REMOVE> wrote:
: I was told that the pgp 5.0i has a backdoor, and that even Phil
: Zimmermann has confirmed that.

: Please could someone email me, whether thats true, and if yes, what
: non-us-freeware-version should one use.

This is probably referring to the Corporate Message Recovery feature,
which has been discussed earlier. AIUI there is a configuration option
for PGP5 used in a corporate environment to be configured to essentially
have key escrow with respect to the company. Thus your employer can
always read encrypted mail sent through their facilities if this option
is activated. PGP is supposed to warn you that this is happening, and
give you the option not to use it, so that your privacy isn't being
compromised secretly, but you may be denied the option of having private
email at work.

Disclaimer: This is just hearsay from earlier postings.

Fred Wright

Anthony E. Greene

Dec 28, 1997, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On 28 Dec 1997 11:51:39 GMT, Fred Wright <f...@nospam.wco.com> wrote:

>In comp.security.pgp Hans-Christian Grosz <e942...@student.tuwien.ac.at


This is not strictly accurate but gives the general idea. I just want to add
that for many people there is already no *legal* expectation of privacy in
office email. CMR does not change that. It's not just "PGP5 in a corporate
environment". It's PGP for Business Security vs PGP for Personal Privacy.
They are two different, but compatible, security packages.

Many people still strongly associate "PGP" with "Personal Privacy" so the
idea that the company can read encrypted email upsets them. I liken PGP For
Business Security to a company lock on a company filing cabinet. It's not a
personal lock so no one should expect to use it as if it were. People who
need a personal lock for their email can get one for free.

Decide if your needs are for Personal Privacy or for Business Security and
buy (or download) the package designed for your needs.


Tony
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


Robert L. Gifford

Dec 28, 1997, 3:00:00 AM
to Hans-Christian Grosz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hans:

There is the ability to recover messages in the 5.0 versions, but there
is no key recovery. Of course this ability is only in the BE (Business)
version.

The business version has several tools that are very useful, that are
not found in the personal version, ergo, I have been buying the BE
version for some time because of this. No, there is no back door so to
speak. All Phil was referring to was the fact that the ability to
recover messages was in the BE version. This is not key recovery at all.
The BE version has no ability to recover the key of the employee. Also,
as some of the other posts have stated quite well, the employee is
forewarned that a recovery key has been installed, "do you want to
continue?"

When you set up the BE version you can choose to load, or not load the
"Client files", and there avoid loading the ability to recover messages.
It's quite simple because the program gives you a choice, and if you
decide not to load the "Client Files", message recovery cannot be
accomplished until the program is completely reloaded and set up again.

It is quite safe in the fact that PGP does not load any of the code
(2-megs) that recovers messages unless that is what you want.

I use it all the time, and it is quite safe and secure. I do not choose
to load the message recovery. Therefore, no back door!

Regards,

Robert L. Gifford
gif...@mindspring.com


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2

iQA/AwUBNKbA3PuyFRtOy+yqEQLXZQCeMlnbQhw3jFj9hXpcH+XapppB3rgAoOLY
f1XoQ3V7s4XTbv25oYWhwf5k
=jyhM
-----END PGP SIGNATURE-----

Rich Wales

Dec 28, 1997, 3:00:00 AM

Justin <anon...@anonymous.net> wrote:

There is no key recovery in any version of PGP. There
IS message recovery in PGP for Business. . . . PGP for
Business includes a feature that can force messages to
be encrypted to a corporate recovery key as well.

As far as I'm aware, the corporate message recovery facility in PGP for
Business Security is just a repackaging of the "encrypttoself" feature
that has been in PGP since time immemorial -- the difference being that
the extra key belongs to the company, instead of the individual PGP user
(i.e., an employee).

It isn't a government back door, for the simple reason that a company
using PGP for Business Security doesn't have to give its auxiliary key
to an approved government agent in order to use the product.

The feature admittedly does allow a company to read encrypted mail sent
out by its employees -- a perfectly proper thing for several very good
reasons -- but it does =not= compromise the company's information
security the way a government back-door scheme would.

I suppose, of course, that the corporate message recovery feature could
be subverted into a government back door if the government were somehow
able to force companies using PGP to hand over their corporate keys to
an "escrow" agent. But that's a completely separate issue.

Rich Wales ri...@webcom.com http://www.webcom.com/richw/
See http://www.webcom.com/richw/pgp/ for my PGP key and fingerprint info
*SPAMMERS BEWARE: I complain to ISP's about SPAM in my e-mail.

T Bruce Tober

Dec 30, 1997, 3:00:00 AM

In article <34A6C13E...@mindspring.com>, Robert L. Gifford
<gif...@mindspring.com> writes

>The business version has several tools that are very useful, that are
>not found in the personal version,

Which are what, please?

tbt --
--
|Bruce Tober, octob...@reporters.net, Birmingham, England +44-121-242-3832|
| Freelance PhotoJournalist - IT, Business, The Arts and lots more |
|pgp key ID 0x94F48255. Website - http://www.homeusers.prestel.co.uk/crecon/ |

Robert L. Gifford

Dec 31, 1997, 3:00:00 AM
to T Bruce Tober

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bruce:

The tools that I refer to are mainly the tools for the Administrators.
In my family environment I have four people that use three computers.
The Business Security Suite gives us the ability to control the
conditions of outgoing E-Mail, such as to make it automatically encrypt,
unless otherwise designated, etc. We do not use the Message recovery
ability because of each other's right to privacy within our group. In
other words, we do not generate a message recovery key.

There is an installation wizard for administrators, a Corporate signing
key which stops a bogus key from being injected into the system (gives a
warning when encrypting to keys not certified by the Corporate Signing
key), the ability to configure passphrase security control (both minimum
length and quality can be specified), gives controls over the key
database (based on policies that you establish for your particular
site), the PGP Policy Management Agent for Simple Mail Transfer Protocol
(SMTP) that enforces your group's encryption policy. The PGP SMTP Policy
Agent works in conjunction with a standard SMTP mail server to ensure
that incoming and outgoing e-mail adheres to the policies enforced by a
given site.

And again I stress that we do not generate a message recovery key, so
this process does quite well for our small group. It adds security that
we would not have, with only the Personal Version, and adds a standard
that helps all of us to encrypt properly. Along with this we use BCWipe,
and NSClean, which cleans all temp files, swap files, and our navigator
daily.

Half of good cryptography is having a clean site. The other half is
instituting a good cryptographic system. We feel we have both.

Regards,

Robert L. Gifford
gif...@mindspring.com


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2

iQA/AwUBNKpIdfuyFRtOy+yqEQL/2ACfZZ7FGvQB/8uj14UGXfQV60Vh6m0AoO24
dur2tw1DOlTYSGGmE8dggr8Z
=dRwA
-----END PGP SIGNATURE-----

Bosco

Dec 31, 1997, 3:00:00 AM
to Robert L. Gifford

Robert L. Gifford wrote:

> There is the ability to recover messages in the 5.0 versions, but
> there is no key recovery. Of coarse this ability
> is only in the BE (Business ) version.

Now I may be a little dense in my understanding of your answers to this
question, but I'd like a little more clarity on the issue.

Does the current version of the commercial, personal PGP have any built
in method whatsoever for any government or corporate entity to recover
encrypted messages? If the answer is "no," can this be verified? For
example, is the complete source code still publicly available?

Thanks for your time and patience,
Bosco


Robert L. Gifford

Dec 31, 1997, 3:00:00 AM
to Bosco

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bosco:

The PGP BE version, as bought from PGP Inc., has the ability for
Corporate recovery of an encrypted message, but not Government recovery!

Let's look at the PGP environment for a minute. The keys are kept in an
encrypted file, therefore are not usable to anyone that does not have
the secret passphrase. PGP has always stated that you should use a
passphrase, not a password. PGP always goes on to state how a passphrase
should be constructed. Ergo, the message recovery process is safe from
any outside source, including but not limited to the Government.

PGP has no known process to recover a key, now or in the future. Your
keys are safe. The Government cannot recover your keys, or messages.

The complete source code is still publicly available for the 5.x
version. Each succeeding version has a few tools added, but the source
code is essentially the same. Remember PGP is made up of tools that have
never been broken. PGP is just a tool box for these different processes
that have been developed by other companies.

The newer versions of PGP, specifically the 5.x versions have changed to
the DH key, using the CAST system. This was only because RSA's MD5 has
been compromised. This just means that there is the possibility that the
Government could break your signature, not the message that you encrypt.
The IDEA process is very safe, and has not been broken in any way by
NSA, or any other branch of the US Gov.

The MD5 was not totally broken, but there were some weaknesses that were
discovered by a German Cryptographer.

Did I do good??

Regards,

Robert L. Gifford
gif...@mindspring.com


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2

iQA/AwUBNKp1OvuyFRtOy+yqEQJn4wCg+1kRr8fa021ojfDM8ztPPrwbU68Ani2D
6JBbJ3bgu2e5L6Ekzm7ZppWX
=2Y1M
-----END PGP SIGNATURE-----

Bosco

Dec 31, 1997, 3:00:00 AM
to Robert L. Gifford

Robert L. Gifford wrote:

> Did I do good??

By gum, you did GREAT! I was probably being more obtuse than necessary with
my questions, because I'm not really clear on what US gov't bills regarding
encryption have actually passed into law in the last year, or so...

I recall the public brouhaha surrounding the "clipper chip" and also
requirements that the assorted security and intelligence bodies of our gov't
were pursuing that all "secure" telephony, broadcast devices and
applications must have a mechanism whereby the gov't could recover encrypted
data in "times of national emergency" or "matters of national security." I
also seem to recall a discussion that this was one very good reason, in
addition to the RSA copyright issue, for staying at PGP versions 2.6.2 and
below...

As soon as I had posted my reply I went back to the PGP site and found the
5.0 published source code offering. Have all the changes from 5.0 to, what,
5.5.3?, also been published for public scrutiny? I assume so...

Thank you again for your quick, courteous and exhaustive reply.
Warmest regards and a very happy new year to you and yours,
Bosco

Anonymous

Jan 2, 1998, 3:00:00 AM

>I was told that the pgp 5.0i has a backdoor, and that even Phil
>Zimmermann has confirmed that.
>
>Please could someone email me, whether thats true, and if yes, what
>non-us-freeware-version should one use.

Only reliable PGP is PGP2.6.3i. Never use Windows based, commercial,
US-version etc. PGPs.

Lutz Donnerhacke

Jan 2, 1998, 3:00:00 AM

* Robert L. Gifford wrote:
>There is the ability to recover messages in the 5.0 versions, but
>there is no key recovery. Of coarse this ability
>is only in the BE (Business ) version.

Wrong. The PE must cooperate to enable the snooping functions in BE.

Lutz Donnerhacke

Jan 2, 1998, 3:00:00 AM

* Beretta24 wrote:
>There is no key recovery in any version of PGP. There IS message recovery in
>PGP for Business. Big difference actually.

No. It's access to the communication.

Lutz Donnerhacke

Jan 2, 1998, 3:00:00 AM

* Robert L. Gifford wrote:
>The PGP BE version, as bought from PGP Inc., has the ability for
>Corporate recovery of an encrypted
>message, but not Government recovery!

Not quite correct. PGP 5.x is designed to enforce snooping communication in
a defined environment. It is designed for companies but not limited to them.

Lutz Donnerhacke

Jan 2, 1998, 3:00:00 AM

* Harald Milz wrote:
>The answer is no, as stated a couple of times here. The message will be
>encrypted with two keys one of which belongs to the employer who can
>decrypt the messages afterwards. There is no key recovery or whatsoever.

Encryption to a third party key is key recovery. Plain and simple.

Lutz Donnerhacke

Jan 2, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:
>Read the documentation! at all times the user is aware of what is going on.

I read the source of PGP5.0i. Nothing found to inform the user.

Lutz Donnerhacke

Jan 2, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:
>You are in error when you say there is no difference. Read the manual. Only
>those messages that are encrypted to a corporate recovery key and be retrieved.

That's enough. I will not accept even this case.

> Some businesses may make this mandatory, others may not. When are you people
>gonna figure out that no business that deals with multi-million dollar
>contracts, R&D, etc, etc. Is gonna allow it's employees to encrypt it's data
>with UNBREAKABLE encryption? That is FOOLISH!

Correct. That's why every company developed methods to document the progress
without snooping every communication.

>Or have you forgotten that not only will PGP encrypt email, it will also
>encrypt files on a hard drive just as easily. In our configured version,
>conventional encryption is disabled and YES all data must be encrypted to a
>corporate key.

Use a different key for storing and everything will be fine. BTW: You may
notice, that asymmetric encryption does not solve storing problems.
Symmetric encryption does.

Anthony E. Greene

Jan 3, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 02 Jan 1998 21:36:18 GMT, anon...@anonymous.net (Justin D. Paine
(since the anon seems to bug people)) wrote:

>You people are pathetic.

Don't waste your time. Lutz has problems with the concept that data that
employees process may not belong to them. For some reason he believes that
data transmitted by employees belongs to employees and that the company has
no rights to it.

<sarcasm>
I guess I should just give my chauffeur the title to my car since it's
obvious that since he drives it, it's his. I don't know where I could have
possibly gotten the idea that since I paid for the car and the chauffeur is
hired to drive it that somehow the car is still mine. Silly me. Of course
I'll just give the car to him and I'll give my kitchen to the cook, oh and
let's not forget the garden. I enjoyed it so much, but since the gardener
works there, I guess I have no rights to it either. And I guess I'll have to
find someplace to live since the butler and maid now own the house.
</sarcasm>


Tony

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


Anthony E. Greene

Jan 3, 1998, 3:00:00 AM

On Sat, 27 Dec 1997 04:04:09 GMT, e942...@student.tuwien.ac.at-REMOVE
(Hans-Christian Grosz) wrote:

>I was told that the pgp 5.0i has a backdoor, and that even Phil
>Zimmermann has confirmed that.
>
>Please could someone email me, whether thats true, and if yes, what
>non-us-freeware-version should one use.
>

>Thanx in advance

Here is my recent post on the PGP Users List on this subject:


Mailing-List: contact pgp-use...@joshua.rivertown.net; run by ezmlm
Delivered-To: mailing list pgp-...@joshua.rivertown.net
Message-Id: <3.0.3.32.1998010...@pop03.ca.us.ibm.net>
X-PGP-RSA-KeyID: 0x78CD4329
X-PGP-RSA-Fingerprint: A3 57 37 48 54 88 FE 4A D6 81 C0 74 DA 00 A6 F7
X-HomePage: <http://www.pobox.com/~agreene/>
X-Sender: deinet....@pop03.ca.us.ibm.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Thu, 01 Jan 1998 01:54:17 +0100
To: pgp-...@joshua.rivertown.net
From: "Anthony E. Greene" <agr...@pobox.com>
Subject: Re: [PGP-USERS]: PGP 5.5 Backdoor
In-Reply-To: <A7546AF8D17BD011B7...@nyc.triaddata.com>

-----BEGIN PGP SIGNED MESSAGE-----

At 15:45 31-12-97 -0500, Martin Hughes wrote:
>I recently visited http://www.i-way.co.uk/~reality/sunrise/pgp.shtml
>
>Keith Parkins claims that PGP 5.5 has a backdoor that Phil Zimmermann
>included.

The text from Keith's page:
>>>>
Warning Do not use PGP 5.5. This crippled version not only has a backdoor
key, it can be coupled with a mail server that prevents the transmission of
encrypted mail that does not contain the backdoor key. I am not just
shocked and appalled, I am sickened that Phil Zimmermann should have
released such a defective product. Phil Zimmermann's reputation has taken
a serious knock. Small wonder that Bruce Schneier described PGP 5.5 as
"everything the FBI ever dreamed of".

<<<<

PGP 5.5x for Business Security (PGPFBS) includes a feature called Corporate
Message Recovery (CMR). There are also 5.5x versions for Personal Privacy.
Do not get them mixed up. PGP for Personal Privacy does not include CMR,
but supports the use of CMR keys, if they are available.

Corporate Message Recovery is a sophisticated version of the
"EncryptToSelf" option that has been available since PGP 2.6x. Keys created
using PGPFBS *may* have an option to specify a CMR Key. The CMR key is
preselected as an additional recipient in messages addressed to the CMR
user. This is a feature that companies can use on company purchased
software that's used to send company owned information from company owned
machines on a company owned network, presumably on company time. PGP for
*Business Security* is different from, but compatible with, PGP for
*Personal Privacy*.

When businesses buy locks to protect their property, they need to be able
to get to it if the regular key holder quits, gets fired, loses the key,
etc. The logic is the same as many PGP users follow when they encrypt to
their own key on outgoing messages. If individuals have the right to
recover their own data, why should companies not have the same right?

Saying that CMR is a "back door" implies that the data is being recovered
by someone who is not the owner of the data in the first place. PGPFBS is
for the owners of the data to have the ability to recover it. If non-owners
decide to use the same security software for their own data, they can't
call that accessibility a "back door". It would be like my chauffeur
objecting to my having a second key to my own car.

PGP for Business Security is marketed to businesses, to protect business
data. Once it's clear who owns the data, this whole issue goes away.


Tony
-------------------------------------------------------------
Anthony E. Greene <agr...@pobox.com>
Use PGP -- Security and Signatures for Email


What is PGP? <http://www.pobox.com/~agreene/pgp/>
My PGP Key: <http://www.pobox.com/~agreene/pgp/agreene.key>
FREEWARE Win95 PGP 5.0: <http://web.mit.edu/network/pgp.html>
-------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----


Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


Lutz Donnerhacke

Jan 3, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:
>This is a direct quote from the Adobe Acrobat (.pfd format) users manual

PGP 5.0 ?

J. Spelling

Jan 3, 1998, 3:00:00 AM

According to Phil's statement in the user manual of PGP5, it's at least as
secure as previous versions (even more since it uses a new encryption
technique), and there's no backdoor.
--
If you want to write me email, put a dot between the j and the rest.

Anonymous wrote in message <1998010218...@basement.replay.com>...


>>I was told that the pgp 5.0i has a backdoor, and that even Phil
>>Zimmermann has confirmed that.
>>
>>Please could someone email me, whether thats true, and if yes, what
>>non-us-freeware-version should one use.
>

Robert L. Gifford

Jan 4, 1998, 3:00:00 AM
to anon...@anonymous.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin:

Keep up the good work, it sure is giving me a rest.

I am in Georgia, and a guy called me a few minutes ago from San Diego
and I'm still laughing. We were talking about your responses to some of
the more intelligent posters out there.

Justin... what does "Freaking" mean? Is that a new code??

Regards,

Jumpin Jack Flash
gif...@mindspring.com


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2

iQA/AwUBNLAesPuyFRtOy+yqEQIVIQCg68zwI+00ivbby12VXy7FYvB2K1cAn3Ze
sfHB4yh+PVciGj5URi5BLZiG
=vSgu
-----END PGP SIGNATURE-----

Jon Plews

Jan 5, 1998, 3:00:00 AM


Lutz Donnerhacke <lu...@taranis.iks-jena.de> wrote in article
<slrn6aql2...@taranis.iks-jena.de>...

"key recovery" is accepted to mean recovery of the PRIVATE-KEY used to
encrypt sessions keys. If you were to extend "key recovery" to mean
recovery of the SESSION-KEY then you would be right (after a fashion), but
you would also be very misguided.

Don't muddy the waters by making that extension--it is dishonest,
misleading and dangerous.

By your (implied) definition of "key recovery" encryption to *one* party is
key recovery--the session key *has* to be recoverable, otherwise you have
nothing but noise.

Jon.


Lutz Donnerhacke

Jan 5, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:
>simple English. THERE IS NO FREAKIN' KEY RECOVERY! Got it?!?!
>
>If you don't want your messages to be accessible to a 3rd party, don't encrypt
>any messages to someone who uses a CMR key. Problem solved.

Yes... no communication possible... Policy Enforcer will block.


Robert L. Gifford

Jan 5, 1998, 3:00:00 AM
to anon...@anonymous.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin:

Case in point:

Two years ago I was called by a company by the name of Universal Rubber.
The owner's wife was killed in a tragic car accident. It was on a
Friday, at 10:00 am that I arrived at their office, twenty five minutes
after receiving their call.

Payroll was due at 3:00 p.m. (15:00 hours) and the entire manufacturing
plant payroll was protected by two passwords. Her last name was "Star",
so my first try was "Galaxy". You guessed it, the payroll opened up like
an old book. The executive payroll was just as easy, and I walked out of
there with a thousand dollars in my pocket for ten minutes' work.

How do you get people to read the manual?????? Most of them should read
their manual, plus "Protect Your Privacy" by William Stallings. It's one
of the better books on the basics of PGP and public key algorithms. I am
not promoting this book, but it would be one of the best for the new PGP
operator to read.

I got upset with Mr. Sternlight only because I thought he was driving
off the new operators from a very good system, in fact the best system
out there for the civilian, and one of the very few that NSA can't break
if a sizable key is used. I should have stopped and realized that his
input is just as important as mine, even though I disagreed with his
approach. Being a perfectionist I have a hard time dealing with other
personalities anyway. I have a tendency to be withdrawn into my own
little world that doesn't need cryptography to hide its essence.

As to your last question.... It must have been an coincidents, ya
beeleeve me don ya!!

Regards,

Jumpin Jack Flash
gif...@mindspring.com


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2

iQA/AwUBNLDdlvuyFRtOy+yqEQL8aACgtS2GmhZOakve1rMRHZ3gQgQmb8sAoM9M
2/tNs9FrTm6C3Ks8WYX6finY
=CsZ1
-----END PGP SIGNATURE-----

Ron Heiby

Jan 5, 1998, 3:00:00 AM

lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
>Yes... no communication possible... Policy Enforcer will block.

There! Now you've got it! If the company chooses to not have encrypted
messages passing in/out of their computers that they cannot access if
necessary, then they set up Policy Enforcer to block such messages.

Of course, any legal, political, or ethical discussions of whether or not it
is appropriate in any given country for this to be done are off-topic.

--
Ron.

Mixmaster

Jan 5, 1998, 3:00:00 AM

hei...@falkor.chi.il.us (Ron Heiby):

> lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
> >Yes... no communication possible... Policy Enforcer will block.
>

> Of course, any legal, political, or ethical discussions of whether
> or not it is appropriate in any given country for this to be done
> are off-topic.

Define On-Topic.
Is it: Praise the Lord, that is: Phil Zimmermann and PGP INC. for
the bait, they have laid out for us.
Is it: Praise the american mind that defines FREEDOM for the rest
of the world. Hence we finally learned the true meaning of the word.

comp.praise.pgp,alt.praise.pgp,alt.oblivion.pgp

Oh come on...


Anthony E. Greene

Jan 6, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 05 Jan 1998 01:14:14 GMT, anon...@anonymous.net (Justin D. Paine
(since the anon seems to bug people)) wrote:

>PS. I'm curious as to how you were able to deduce the fact that I also live
>in San Diego?

I imagine a whois search for the domain specified by your Message-ID would
give POC information for the domain, including address and phone number.

Tony

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


John L. Spetz

Jan 6, 1998, 3:00:00 AM

In a previous article, lu...@taranis.iks-jena.de (Lutz Donnerhacke) says:

>* Harald Milz wrote:
>>The answer is no, as stated a couple of times here. The message will be
>>encrypted with two keys one of which belongs to the employer who can
>>decrypt the messages afterwards. There is no key recovery or whatsoever.
>
>Encryption to a third party key is key recovery. Plain and simple.
>

How do you figure that? "Key recovery" means that the "key" itself
can be recovered without assistance from the owner of the key. Granted
in "message recovery" a given session or one-time key will be recovered
but that key is useless except for the single target message. Any
secret/public key pairs used to protect a given session key are not
themselves compromised. The message is only recoverable because one
(or more) of the secret/public key pairs used to protect a given
encrypted message's session key is *already known* to the recovering
agent.

I suppose recovery of session keys could be called a trivial case of
key recovery but that is not what the US Government has in mind. True
key recovery would involve escrowing the secret key in a secret/public
key pair. The method usually proposed is to make it illegal to distribute
a public key unless the secret key is turned over to a key repository.
The FBI amendments to the SAFE act said in a nutshell that any organization
authorized to vouch for the authenticity of a public key must escrow the
corresponding secret key and be prepared to disclose it to authorized
personnel quickly and without notifying the owner. An important provision
was that notifying the owner of a disclosed key would itself be a crime.


Lutz Donnerhacke

Jan 6, 1998, 3:00:00 AM

* John L. Spetz wrote:
>In a previous article, lu...@taranis.iks-jena.de (Lutz Donnerhacke) says:
>>Encryption to a third party key is key recovery. Plain and simple.
>
>How do you figure that? "Key recovery" means that the "key" itself
>can be recovered without assistance from the owner of the key.

There are seven keys:
- The public and the private key of the communicating parties (4)
- The public and the private key of the snooping party (2)
- The session key (1)

You said: '"Key recovery" means that the "key" itself can be recovered
without assistance from the owner of the key.'

Which key? - The session key.
Who owns the key? - The communicating parties.

So CMR is "Key Recovery" and therefore an introductional step to GAK.
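
The structure argued over in the two posts above (one session key per message, wrapped separately to each recipient key and to a third-party key), as an added example that is not part of any post in the thread and is not PGP's code or packet format. It uses a toy ElGamal-style wrap over constructed parameters; the key ids and the `policy_allows` check are hypothetical names.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (not a secure choice).
P = 2**255 - 19          # a known prime
G = 2

def keygen():
    """Return a (secret, public) ElGamal-style key pair."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def _kdf(shared):
    # Derive a 32-byte mask from the Diffie-Hellman shared value.
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key, n):
    # SHA-256 in counter mode as a stand-in symmetric cipher (toy).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def wrap(session_key, pub):
    """Encrypt the 32-byte session key to one public key."""
    k = secrets.randbelow(P - 3) + 2
    return pow(G, k, P), _xor(session_key, _kdf(pow(pub, k, P)))

def unwrap(packet, secret):
    """Recover the session key from one wrapped packet."""
    c1, c2 = packet
    return _xor(c2, _kdf(pow(c1, secret, P)))

def encrypt(plaintext, recipients):
    """recipients: {key_id: public_key}. A fresh session key per message."""
    session_key = secrets.token_bytes(32)
    return {
        "wrapped": {kid: wrap(session_key, pub) for kid, pub in recipients.items()},
        "body": _xor(plaintext, _stream(session_key, len(plaintext))),
    }

def decrypt(msg, key_id, secret):
    session_key = unwrap(msg["wrapped"][key_id], secret)
    return _xor(msg["body"], _stream(session_key, len(msg["body"])))

def policy_allows(msg, required_key_id):
    """Hypothetical gateway check: is the message also wrapped to this key?"""
    return required_key_id in msg["wrapped"]

def demo():
    bob_sk, bob_pk = keygen()
    corp_sk, corp_pk = keygen()
    text1 = b"Q4 payroll figures attached"      # constructed sample
    text2 = b"second, unrelated message"        # constructed sample
    msg1 = encrypt(text1, {"bob": bob_pk, "corp-cmr": corp_pk})
    msg2 = encrypt(text2, {"bob": bob_pk})
    # The third party recovers msg1's session key, not anyone's private key.
    recovered = unwrap(msg1["wrapped"]["corp-cmr"], corp_sk)
    # msg1 with the third-party packet removed before sending.
    stripped = {"wrapped": {"bob": msg1["wrapped"]["bob"]}, "body": msg1["body"]}
    return {
        "bob_reads_msg1": decrypt(msg1, "bob", bob_sk) == text1,
        "corp_reads_msg1": decrypt(msg1, "corp-cmr", corp_sk) == text1,
        "msg1_key_opens_msg2": _xor(msg2["body"], _stream(recovered, len(text2))) == text2,
        "corp_has_packet_in_msg2": policy_allows(msg2, "corp-cmr"),
        "bob_reads_stripped": decrypt(stripped, "bob", bob_sk) == text1,
        "stripped_passes_policy": policy_allows(stripped, "corp-cmr"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The recovered session key opens only the message it was wrapped for, and a message without the third-party packet stays readable by its recipient but fails the gateway check.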

Robert L. Gifford

Jan 6, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin:

I bet you got my E-Mail also, didn't you?? Justin, I might consider an
overseas job...
NOT...., I couldn't take my PGP with me.

Tony got part of it right. Touché! But that wasn't all by a long shot.


I love this place.


Regards,

Jumpin Jack Flash
gif...@mindspring.com


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2

iQA/AwUBNLJWNfuyFRtOy+yqEQJIZACdHbE2BKdWoGm8ahxi4/FePH2fNTUAnRJI
S8NE4EqD7tku862p57YLH7bi
=kEsS
-----END PGP SIGNATURE-----

brew...@freenet.edmonton.ab.ca

Jan 7, 1998, 3:00:00 AM

John L. Spetz (jl...@po.CWRU.Edu) wrote:
(snip)

: I suppose recovery of session keys could be called a trivial case of
: key recovery but that is not what the US Government has in mind. True
: key recovery would involve escrowing the secret key in a secret/public
: key pair. The method usually proposed is to make it illegal to distribute
: a public key unless the secret key is turned over to a key repository.
: The FBI amendments to the SAFE act said in a nutshell that any organization
: authorized to vouch for the authenticity of a public key must escrow the
: corresponding secret key and be prepared to disclose it to authorized
: personnel quickly and without notifying the owner. An important provision
: was that notifying the owner of a disclosed key would itself be a crime.

Escrow means what? Steal? Create? Require?

A private key in the hands of anyone but the owner can't be trusted. If
"any organization authorized to vouch for the authenticity of a public
key" is not only allowed, but forced to have private keys, then
unauthorized CAs will be the only ones you can trust. They'd require you
only to produce picture&signature ID, and a hand-written signature (Please
sign in front of teller) and a thumbprint (damned ID has no thumbprint:
what about forged ID?), on a piece of paper with your public key on it.

If I can trace your e-signature to anyone else, you can say they stole your
private key and hacked xor forced you to tell them the pass phrase). If a
law says someone else MUST have your key, and you can't know who it is or
even how many others have your key, all you can prove is that the FBI or
your CA MIGHT have released your key to the wrong person or someone MIGHT
have stolen your private key and pass phrase.

--BrewJay: Preventing obscene gestures in nudist colonies.

Lutz Donnerhacke

Jan 7, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:

>On 6 Jan 1998 09:05:00 GMT, lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
>>So CMR is "Key Recovery" and therefore an introductional step to GAK.
>
>Just keep living in your dream world.....

Thnx, I will.

>You really don't see the business
>implications that unbreakable crypto produces do you?

No. I know that there are other solutions to keep a documentation of the
work process up to date than recording all the communication.

Michael Uplawski

Jan 7, 1998, 3:00:00 AM

anon...@anonymous.net (Justin D. Paine (since the anon seems to bug
people)):

> Just keep living in your dream world..... You really don't see the business
> implications that unbreakable crypto produces do you?

So do you agree that people outside the US should be facing quite
different "implications"? If you do, you can just as well support our claim
for non-CMR-Encryption.

Or just keep living in your American dream world...

> Justin

Michael

Ron Heiby

Jan 7, 1998, 3:00:00 AM

der...@gmx.net (Michael Uplawski) wrote:

As I see it, whether the business is in the United States of America, some
other part of the American continent(s), or some other place entirely:

If a business allows their business critical data to be encrypted with
unbreakable crypto, without the ability to recover that data if the one
employee with the key walks in front of a bus tomorrow, then that business
has a non-zero probability of being in really big trouble one of these days.

I do not see how the business location has anything to do with how much
trouble they will be in if they find one day that they cannot access their
corporate personnel and/or payroll and/or tax records. I certainly don't
have direct familiarity with "the tax man" in other countries, but around
here, I doubt that they would see the humor in being told that they
could not see my company's records because we could not recover them.

--
Ron.

Lutz Donnerhacke

Jan 7, 1998, 3:00:00 AM

* Ron Heiby wrote:
>If a business allows their business critical data to be encrypted with
>unbreakable crypto, without the ability to recover that data if the one
>employee with the key walks in front of a bus tomorrow, then that business
>has a non-zero probability of being in really big trouble one of these days.

Sure. But if a company really depends on data in transit the company will
still have this problem with or without snooping features.

There is no problem with separate storage keys or the following construct:

Majorkey
  DSA (signing)
  UserID: Key of the employee
Subkey
  ElGamal (encryption)
  UserID: Key of the department

There is no commercial need for CMR.

Ron Heiby

Jan 7, 1998, 3:00:00 AM

lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
>Sure. But if a company really depends on data in transit the company will
>still have this problem with or without snooping features.

We have had this discussion before. You keep talking about "snooping" and
then complain that everyone else is talking about "snooping". You are not
talking about what everyone else is talking about. I will not repeat the
previous discussion.

--
Ron.

Anthony E. Greene

Jan 7, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 07 Jan 1998 17:55:31 GMT, anon...@anonymous.net (Justin D.
Paine (since the anon seems to bug people)) wrote:

[great CMR argument reluctantly snipped]
>This is all I have to say on this subject. I'm not on a crusade to convince
>the world. I just think this debate over the whole CMR key issue is
>ridiculous.
>
>Justin

I know it's not good netiquette to post when you don't have anything
significant to say, but...

Justin,

I agree, and thanks for stating the case so well.


Tony

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCdAwUBNLO8o0RUP9V4zUMpAQGQpwQ7BBoKp45R7FHqOflUDoX6TX30m774qWZC
j7byLipFVDSo8vv6cyp8OrEWEoiPIQamvA/IOTQdTMMT03F+mwluXnVU3s2c6xl4
XY5Sj+LiJG1wbYtKCpVPeuwgD0q3DSGTqFCCN8UiRlfnuKWW4rBhRhSWF7/WWp4q
6qnvvp4BxrVgJDMDzYILbw==
=g9oe
-----END PGP SIGNATURE-----


P.S. PGPFreeware 5.5x users will not be able to verify this
signature, although I can verify theirs. MIT PGPFreeware 5.0 and
paid versions of PGP are compatible with all versions of PGP.

Axel H. Horns

Jan 7, 1998, 3:00:00 AM

hei...@falkor.chi.il.us (Ron Heiby) wrote:

>If a business allows their business critical data to be encrypted with
>unbreakable crypto, without the ability to recover that data if the one
>employee with the key walks in front of a bus tomorrow, then that business
>has a non-zero probability of being in really big trouble one of these days.

Yes, so far you are perfectly right. "So far" means "with regard to
permanent storage of critical data". *Communication* of such data is
just another thing. Entirely different. Believe it or not.

Communication implies that you want to share data with someone else
who has already stored them somewhere. You want to have these data,
too, and you have reasons to expect that the communication partner is
prepared to provide you with a copy thereof. If encrypted copied data
is lost during communication, don't worry about that. Simply ask the
other communication partner just to re-send all that stuff on the
basis of the original data he keeps on his storage media. The same
situation comes up if the secret key for *communication purposes* gets
lost just before or after successful communication of encrypted data
but before completion of decryption. Simply ask the other side to
re-send the data. That's all. Of course, after you have successfully
decrypted the encrypted message with a secret key used for
*communication purposes*, you might well consider to re-encrypt all
that stuff with another public key which is devoted for *storage
purposes* where the secret key thereof might be shared with someone
else in the company, if doing so is deemed to be appropriate, e.g.
with regard to company tax records or so.

Why is it essential to make such a big difference between key pairs
for *communication* and key pairs for *storage*?

With regard to *stored* confidential data, times have not changed very
much during the past 30 or 50 years. Law enforcement must have a
seizure warrant in order to intrude into your company premises,
regardless of whether the data to be seized are in a mechanical safe
or encrypted on a computer disk. Like 30 years ago, officers will have
to enter the room in which the safe or the computer is installed, and
probably you will take notice of the seizure action.

With regard to surveillance of *communication* processes, a dramatic
change has occurred during the same time interval. Thirty, forty or
fifty years ago, the old-fashioned analog telephone was the only
significant target to be wiretapped. All other communication processes
were largely made on the basis of written communication, fixed on
paper and in most cases covered by an envelope. Of course, it was well
possible to open envelopes with steam, and intelligence has widely
made use of such techniques. However, mechanically opening and
re-sealing letter envelopes by hand was a costly procedure and, hence,
surveillance was severely limited due to economical restrictions.
And, telephone wiretapping was also somewhat expensive because each
wiretapped line had to be monitored by a human snooper.

Nowadays, computer-to-computer data transmissions like e-mail as well
as facsimile data transmissions are carrying a huge volume of
potentially critical and confidential messages, and the NSA (maybe
also other agencies?) has well developed the ability to conduct fully
computerized and automated surveillance scans covering each and every
telecommunication activity. And, moreover, there seems to be a policy
pushed by the White House and other governments in the world saying
that confidentiality of communication processes shall be granted *only*
amongst the citizens and companies as well as for protection of official
secrets, but there shall be no secrecy of communication granted to the
citizens and companies in view of snooping by law enforcement or
intelligence agencies.

Therefore, the differences tend to be significant: With regard to
*stored* data, law enforcement and intelligence agencies are not in a
much better position than many years ago. They have to obtain a
seizure warrant, and the complications and costs of physical seizures
will inherently limit these actions to those cases where such measures
are really necessary. On the contrary, *surveillance of electronic
telecommunication processes* by computer-assisted scanning techniques
is too easy and too inexpensive in order to be properly
self-constrained on the basis of economical limitations. The agencies tend
to extend their surveillance practise to a scope which is not good for
business and, in particular, for democracy. The sensible political and
legal equilibrium of checks and balances is severely disturbed when
ubiquitous communication surveillance is too easy to perform.

At this point, things become purely political. If you should say:
"Well, I know that the agencies desire to cover my secret
communications with their surveillance efforts, but I accept that
because I am absolutely confident in all actions of my government": OK,
let's agree to differ. You might wish to stop reading here and discard
this posting.


====


How does the government argue?

On the one hand, there is a constant arguing that the surveillance
capabilities of the agencies are absolutely necessary in order to
prevent and fight crime. This assumption would be OK if there would be
sufficient empirical evidence that total communication surveillance is
indeed *necessary* for fighting crime. I have not seen any such
evidence up to now.

On the other hand, there is a constant rumor that the crime-fighting
purpose of surveillance is only a smaller fraction of the truth. The
major portion of the reality is said to be that the intelligence
agencies need surveillance for purposes of "national security" -
whatever that might be. A few days ago, there was an interesting
publication on the net. In the U.S., there is a famous instrument
which can take things out of the dark of official secrecy: FOIA.

In Message-ID: <884132072...@dejanews.com> Charles R. Smith
<sof...@us.net> quotes portions declassified by means of FOIA of a
previously entirely classified document of the U.S. National Security
Council. The report was prepared by the Interagency Working Group
(IWG) on encryption, a special committee established by Clinton's
official directive. The IWG included members from the White House,
Commerce Department, Justice Department, FBI, NSA and CIA:

--------------------- BEGIN QUOTED TEXT -------------------------

October 5, 1993

HANDLE VIA COMINT CHANNELS ONLY
WNINTEL
SENSITIVE
NOFORN
NOCONTRACT
ORCON

Classified by: Multiple Sources

TOP SECRET

4. Impacts and Risks of Telecommunications Technologies (U)

a. Law Enforcement

Recent technology development impacting electronic surveillance
include:

- Wireline Technologies - In the early 1970s, service
providers began to use digital loop carriers (DLC)
which had the effect of limiting the number of analog
appearances at which agencies could effect wiretaps
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXX BLACKED OUT 50 USC - NATIONAL SECURITY XXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- Customer Premises Equipment - XXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXX BLACKED OUT 50 USC - NATIONAL SECURITY XXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- Wireless Technologies - In the early 1980s, the
introduction of cellular telephone throughout the US
presented a substantial impediment to government agencies
conducting electronic surveillance XXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXX BLACKED OUT 50 USC - NATIONAL SECURITY XXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- Customer Subscriber Features - XXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXX BLACKED OUT 50 USC - NATIONAL SECURITY XXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

(Next six paragraphs)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXX BLACKED OUT BY NSC - DELIBERATIVE PROCESS XXXXX
XXXXXX BLACKED OUT 50 USC - NATIONAL SECURITY XXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

(1) Risks to Law Enforcement's Abilities (U)

Society's most dangerous criminal organizations and groups rely
heavily upon the use of telecommunications XXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXX BLACKED OUT BY NSC - DELIBERATIVE PROCESS XXXXXXXXXXX
XXXXXXXX BLACKED OUT BY NSC - LAW ENFORCEMENT TECH XXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Loss of a viable, effective electronic surveillance technique
would result in:

- a substantial loss of life, attributable to the
inability of law enforcement to prevent planned
terrorist acts and murders; (U)

- a substantial increase in the corruption of and economic
harm (in the billions of dollars) to business,
industry, labor unions, and society generally caused by
the growth/re-emergence of organized crime groups and a
substantial increase in the undetected and unprosecuted
public fraud against the Government (in the billions of
dollars); (U)

- substantially increased availability and reduced cost
of narcotics and illegal drugs, as well as the
attendant personal, societal and economic harm
(numerous deaths, ravaged lives, and increased
economic harm in the billions of dollars); and (U)

- a substantial increase in undetected and unprosecuted
bombings, murders, and other acts with the attendant
loss of numerous lives and millions of dollars in
economic harm. (U)

b. National Security Intelligence Capabilities and Performance (S)

Foreign Intelligence / Counter Intelligence - XXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXX BLACKED OUT BY NSC - LAW ENFORCEMENT TECH XXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXX BLACKED OUT BY NSC - LAW ENFORCEMENT TECH XXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXX(TS)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXX BLACKED OUT BY NSC - DELIBERATIVE PROCESS XXXXXXXXXXX
XXXXXXXX BLACKED OUT 50 USC - NATIONAL SECURITY XXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX(TS)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXX BLACKED OUT BY NSC - DELIBERATIVE PROCESS XXXXXXXXXXX
XXXXXXXX BLACKED OUT 50 USC - NATIONAL SECURITY XXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX(TS)

--------------------- END QUOTED TEXT -------------------------

When analyzing this snip out of a larger classified document I thought
that it looks strange that the crime-related portions are declassified
but the portions related to National Security are still classified as
TOP SECRET. My impression is that the official propaganda is entitled
to talk to the people about crime-fighting purposes of communication
surveillance ("(1) Risks to Law Enforcement's Abilities (U)") and,
hence, there are less problems to declassify some of the related
portions. To the contrary, the part relating to National Security ("b.
National Security Intelligence Capabilities and Performance (S)")
seems to bear subject-matters with regard to which they prefer to keep
the secret. I fear that the true (and therefore classified) reasons
might be quite ugly from the standpoint of a free democratic society.

There is another interesting snip from the same source, namely
Message-ID: <884020698....@dejanews.com>:

--------------------- BEGIN QUOTED TEXT -------------------------

October 5, 1993

HANDLE VIA COMINT CHANNELS ONLY
WNINTEL
SENSITIVE
NOFORN
NOCONTRACT
ORCON

Classified by: Multiple Sources

TOP SECRET

PURPOSE
This report has been prepared in accordance with Presidential
Review Directive/NSC-27 (April 16, 1993) to:

1) broadly assess trends in telecommunications and
encryption technology and their impact upon law
enforcement and intelligence gathering; and (U)

2) evaluate the impact of the key escrow encryption
technology initiative announced in Presidential
Decision Directive/NSC-5. (S)

PRD/NSC-27 directed that this policy review should, furthermore,
include a full range of clear policy options and recommendations
for dealing with these issues. (S)

This report has been prepared for the President and the National
Security Council by the Interagency Working Group established by
the NSC pursuant to PRD/NSC-27. (C)

The legal constraints on a particular encryption technique can
significantly affect its market. Although, DES (DATA ENCRYPTION
STANDARD) is available outside the US, and its export is allowed
in certain cases, it is not generally exported from the US.
Other nations which produce DES have similar restrictions on its
export, in general motivated as in the US by national security
and law enforcement concerns. Patents, licenses, and import
restrictions also play similar roles as inhibitors or barriers.
Vendors would like an encryption technique which could be
incorporated in products destine for a global marketplace. (S)

FUTURE TECHNOLOGY SYSTEMS - Simply stated, the nexus of the long
term problem is how can the government sustain its technical
ability to accomplish electronic surveillance in a advanced
telecommunications environment characterized by great technical
diversity and many competing service providers (numbering over
1500, some potentially antagonistic) who have great economic and
political leverage. The solution to the access problem for
future telecommunications requires that the vendor/manufacturing
community translate the government's requirements into a
fundamental system design criteria. The basic issue for
resolution is a choice between accomplishing this objective by
mandatory (i.e., statutory/regulatory) or voluntary means. (U)

Department of Justice and FBI representatives have expressed
concerns about decontrolling DES exports just as use of
encryption is beginning to pose a criminal threat within the US.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX blacked out as SECRET XXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (C)

Recommendation: Maintain current controls on DES. XXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX blacked out as SECRET XXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (C)

--------------------- END QUOTED TEXT -------------------------

The section "FUTURE TECHNOLOGY SYSTEMS" seems to be most exciting.
Here the administration presents the official internal view (of 1993,
of course):

1. "The solution to the access problem for future telecommunications
requires that the vendor/manufacturing community translate the
government's requirements into a fundamental system design criteria."

2. "The basic issue for resolution is a choice between accomplishing
this objective by mandatory (i.e., statutory/regulatory) or voluntary
means. (U)"

You should read these two sentences at least twice.

Item No. 1 says that any "fundamental system design criteria" of
modern complex telecommunication systems might be a target of the
surveillance policy of the U.S. government. And at this point we
should come back to PGP 5.x and the related features for third party
access to the session key. In 1993, the authors of the partially
declassified document might have thought of the Clipper Chip project
when writing down the phrase regarding translation of "the
government's requirements into a fundamental system design criteria",
but it seems to be clear that also the PGP 5.x features under debate
would match that statement. PGP might, willingly or not, escalate the
surveillance situation by pushing e.g. an idea that GAK might be
possible by installing a large database with session keys encrypted by
a particular public key for surveillance purposes, the corresponding
secret key held by the agencies, or the like. Under today's conditions
there is no unpolitical and innocent technical working in the area of
constructing secure cryptographic telecommunication systems. The
additional features of PGP 5.x will facilitate future standardisations
on means for third party access to session keys and/or encrypted
messages and, hence, irrespective of whether these features might be
dangerous or not in a purely private and commercial environment, they
indeed have a strong political aspect.

Item No. 2 makes clear that the official surveillance "lobby" will
welcome any efforts of the industry to facilitate surveillance
features in secure cryptographic communication systems. Exactly this
is done by PGP. However, at least in 1993, there was a secret
expectation that mandatory GAK will have to be enforced by legislation
if no collaborators like PGP should appear.

Axel H. Horns


Lutz Donnerhacke

Jan 8, 1998, 3:00:00 AM

* Harald Milz wrote:

>Lutz Donnerhacke (lu...@taranis.iks-jena.de) wrote:
>> There is no commercial need for CMR.
>
>I doubt your point.

There is a commercial need for recovery of storage data.

Michael Uplawski

Jan 8, 1998, 3:00:00 AM

Wow.

I probably do not need to emphasize the paragraphs I liked most in this
extraordinary article. Read it again: <b> 8-) </b>

Ho...@t-online.de (Axel H. Horns):

Ron Heiby

Jan 8, 1998, 3:00:00 AM

Very interesting post. Had to read all the way to the bottom to find out
what your point was.

Ho...@t-online.de (Axel H. Horns) wrote:
>Yes, so far you are perfectly right. "So far" means "with regard to
>permanent storage of critical data". *Communication* of such data is
>just another thing. Entirely different. Believe it or not.

OK, let's say that I buy that. I have a file I want to send to you. I
encrypt that file with PGP for Business to your key, my own key, and the CMR
key. I stick that file in my long term storage, from which it can be
recovered. No problem yet, right? I stick that file in my removable disk
drive (jaz or SyJet or similar). No problem yet, right? I stick the disk
cartridge in an envelope and mail it to you. No problem yet, right? Or is
it? When I mail you the disk cartridge, that's communication. It is no less
communication than if I stuck that file into an Email message and sent it to
you over the Internet. What if I had decided to ship my PC to you? That
would be communication, too, wouldn't it?

>Simply ask the other side to re-send the data.

Of course. That isn't the point of the CMR key at all. It isn't for me, the
recipient of the data. The data is already encrypted with *my* public key.
The point is that the *owner* of the data, the employer of the sender, can
also recover that data if necessary. Of course, if *my* employer is also
concerned about being able to recover business data, then the data is also
encrypted with my employer's CMR key.

The data DOES NOT BELONG to the two people communicating.

You should read that sentence at least twice. Naturally, I am most familiar
with the laws in my own country (USA). Other laws may differ. If the laws in
your country preclude the owner of the data from being able to read it, then
you would have legal recourse to prevent the owner from using the CMR
features of PGP.

>Of course, after you have successfully
>decrypted the encrypted message with a secret key used for
>*communication purposes*, you might well consider to re-encrypt all
>that stuff with another public key which is devoted for *storage
>purposes* where the secret key thereof might be shared with someone
>else in the company, if doing so is deemed to be appropriate, e.g.
>with regard to company tax records or so.

What if I, the owner of the company, do not choose to allow my employees to
make that decision? I want all encrypted business data to be recoverable by
my company.

>Why is it essential to make such a big difference between key pairs
>for *communication* and key pairs for *storage*?

There is no reason to do so at all. After this question, you proceed into a
long, but interesting treatise on government search and seizure, and on
government surveillance of communication. Although interesting, it has
nothing to do with PGP or the CMR capability.

>Item No. 2 makes clear that the official surveillance "lobby" will
>welcome any efforts of the industry to facilitate surveillance
>features in secure cryptographic communication systems. Exactly this
>is done by PGP. However, at least in 1993, there was a secret
>expectation that mandatory GAK will have to be enforced by legislation
>if no collaborators like PGP should appear.

Here is where you jump the track. There is no known feature of PGP that
anyone has demonstrated to be able to facilitate surveillance as you
describe. PGP does not do this at all. I challenge you to back up this
slanderous statement with some actual facts.

It is true that my communications and files, which I generate during the
course of business, using computers owned by my employer, using software
owned by my employer, can be read by my employer. Unless the government
comes in with appropriate authority to force the employer (or anyone else
whose key is used for encryption) to divulge the secret key, there is no way
that they can read the information. The only thing that the CMR key
provides that is of any possible help to the government is a corporate
entity that they can serve with a warrant to attempt to force the key from
them. Of course, if the CMR key is not labelled with the name of the
corporation, signed by corporate officers, etc., it would seem to me that it
might be pretty hard for the government to prove that the CMR key belonged
to that company.

Some companies allow personal Email to be read/sent on company time. Some do
not. If a company allows personal Email, they may or may not allow it to be
encrypted without the CMR key.

My previous employer gave each employee a modest monthly stipend intended to
pay for Internet access, whether through a local or national ISP,
CompuServe, AOL, or some other method. I don't recall whether it was $10 or
$20 a month.

My ISP provides a class of service that provides Email, Usenet, and UNIX
shell for as low as $5/month. That's less than it costs me to take my wife
to the $1.50 movie theater and have a popcorn and soda. We are not talking
about an amount of money that is likely to be out of reach of most people
who would be in the position of having the desire and ability (PC, software,
modem, phone line) to send encrypted Email. A close family member of mine
has been going through a great deal of financial difficulty lately. Yet,
that family has an Internet account.

So, if you are going to plot terrorist acts, commit a little corporate
espionage, or write love notes to your lover, then my suggestion is that you
do so:
- on time not being paid for by your employer
- with a computer not being paid for by your employer
- with communication facilities not being paid for by your employer
- with software not being paid for by your employer
- with an Internet account not being paid for (directly) by your employer

If you pay for these five things yourself, then you don't need to worry
about CMR keys at your end. Assuming that you are using a version of PGP 5.x
for Windows (and probably for Mac), then you can see whether a CMR key has
been automatically added to your outgoing message and remove it. It's all
under your control, now -- nothing to worry about -- except, of course, if
your co-conspirator or lover turns state's evidence!

--
Ron.

J. Spelling

Jan 9, 1998, 3:00:00 AM

He's probably afraid that after the corporate key, there will be a
government key one day, built into PGP or its successor, so all your
messages will automatically be encrypted to that government key also, but
this time you won't be able to choose, and you won't even know. I know
that's one of my friends' fear, that's why he doesn't use PGP5 but sticks
with PGP2.6.3.

--
If you want to write me email, put a dot between the j and the rest.

Ron Heiby wrote in message <34b50185....@news.mcs.com>...

Anthony E. Greene

Jan 9, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Jan 1998 01:31:56 +0100, "J. Spelling" <jspe...@usa.net>
wrote:

>He's probably afraid that after the corporate key, there will be a
>government key one day, built into PGP or its successor, so all your
>messages will automatically be encrypted to that government key also, but
>this time you won't be able to choose, and you won't even know. I know
>that's one of my friends' fear, that's why he doesn't use PGP5 but sticks
>with PGP2.6.3.

Your friend is wasting his time. If a government ever mandates key
escrow, then non-escrow software will be prohibited, including all
current and previous versions of PGP. So he may as well use the new
easy stuff.


Tony
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


Paul Winalski

Jan 9, 1998, 3:00:00 AM

J. Spelling wrote:
!>
!> He's probably afraid that after the corporate key, there will be a
!> government key one day, built into PGP or its successor, so all your
!> messages will automatically be encrypted to that government key also, but
!> this time you won't be able to choose, and you won't even know. I know
!> that's one of my friends' fear, that's why he doesn't use PGP5 but sticks
!> with PGP2.6.3.

We know such a key doesn't exist in PGP 5.0. Read the
sources.

As for the future, I fail to see how refusing to use PGP 5
affects the matter. If the government decides to impose
a requirement that all messages be encrypted to their
key, the government will at the same time ban use of PGP 5.0,
PGP 2.6.3, and all other versions of PGP that don't encrypt
to the government key.

--PSW

Axel H. Horns

Jan 9, 1998, 3:00:00 AM

"J. Spelling" <jspe...@usa.net> wrote:

>He's probably afraid that after the corporate key, there will be a
>government key one day, built into PGP or its successor, so all your
>messages will automatically be encrypted to that government key also, but
>this time you won't be able to choose, and you won't even know. I know
>that's one of my friends' fear, that's why he doesn't use PGP5 but sticks
>with PGP2.6.3.

You've got it.

Axel H. Horns


Axel H. Horns

Jan 9, 1998, 3:00:00 AM

anon...@anonymous.net (Justin D. Paine (since the anon seems to bug
people)) wrote:

>PGP 5 is under the same kinda scrutiny as all the others. And no one
>has discovered anything wrong with it. So his fears with the current
>version are unfounded.

You haven't got it.

Axel H. Horns


Axel H. Horns

Jan 9, 1998, 3:00:00 AM

Ho...@t-online.de (Axel H. Horns) wrote:

>What the agencies desperately want to do is not to send expensive
>personnel into each house or business premises but instead they want
>to sit in their own computer rooms, remotely monitoring each and every
>telecommunication activity under real-time conditions in order to draw
>their conclusions from the information content thereof. In order to do
>so they need real-time access to all kinds of telecommunication
>traffic. This is the basis of the surveillance crisis caused by
>upcoming cryptography "for the masses". And if PGP 5.x is promoted for
>communication purposes (what is simply a matter of fact, see e.g. PGP
>5.x integration into MS-Outlook or Qualcomm's EUDORA 4.0), this has a
>political aspect. (see below).


Perhaps you might just have a look at the following text:

>A GLOBAL electronic spy network that can eavesdrop on every telephone,
>email and telex communication around the world will be officially
>acknowledged for the first time in a European Commission report to be
>delivered this week.
>
>The report - Assessing the Technologies of Political Control - was
>commissioned last year by the Civil Liberties Committee of the European
>Parliament. It contains details of a network of American-controlled
>intelligence stations on British soil and around the world, that
>"routinely and indiscriminately" monitor countless phone, fax and email
>messages.
>
>It states: "Within Europe all email telephone and fax communications are
>routinely intercepted by the United States National Security Agency
>transferring all target information from the European mainland via the
>strategic hub of London then by satellite to Fort Meade in Maryland via
>the crucial hub at Menwith Hill in the North York moors in the UK."
>
>The report confirms for the first time the existence of the secretive
>ECHELON system.

The worst rumors about ECHELON seem to be confirmed. Read further text
on

http://www.telegraph.co.uk:80/et?ac=000602131144806&rtmo=0sKsx2bq&atmo=0sKsx2bq&pg=/et/97/12/16/ecspy16..html
--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Ben Franklin, ~1784


Axel H. Horns

Jan 9, 1998, 3:00:00 AM

See-Si...@nowhere.com (Anthony E. Greene) wrote:

>Your friend is wasting his time. If a government ever mandates key
>escrow, then non-escrow software will be prohibited, including all
>current and previous versions of PGP. So he may as well use the new
>easy stuff.

In a democracy, politics depends on the active participation of the
citizens.

Axel H. Horns


Lutz Donnerhacke

Jan 12, 1998, 3:00:00 AM

>Good. Now imagine employee A encrypts some vital corporate data with
>his secret key only, deletes/wipes the plain text version for security
>reasons, and leaves the company shortly after that without revealing
>his pass phrase and secret key. How do you suppose to recover the data
>if there is no corporate key which can decrypt the data?

If he uses a storage tool for business environments, it will prevent this
scenario. If he uses a mailing tool for communication, it it fine.

>Distinguishing "message" from "data file" is ridiculous in this context
>IMHO. Whether or not the encrypted data is transient or not - so what?

Think about it.

Ulrich Windl

Jan 12, 1998, 3:00:00 AM

In article <emkvt...@seneca.muc.de> Harald Milz <mi...@seneca.muc.de> writes:

> Lutz Donnerhacke (lu...@taranis.iks-jena.de) wrote:
> > * Harald Milz wrote:
> > >Lutz Donnerhacke (lu...@taranis.iks-jena.de) wrote:
> > >> There is not commercial need for CMR.
> > >
> > >I doubt your point.
> >
> > There is a commercial need for recovery of storage data.
>
> Good. Now imagine employee A encrypts some vital corporate data with
> his secret key only, deletes/wipes the plain text version for security
> reasons, and leaves the company shortly after that without revealing
> his pass phrase and secret key. How do you suppose to recover the data
> if there is no corporate key which can decrypt the data?

Imagine he erases the data instead. Where is the difference?

Functional private data should be encrypted with a corresponding
functional key (e.g. department key). The private key should be in
some safe.

>
> Distinguishing "message" from "data file" is ridiculous in this context
> IMHO. Whether or not the encrypted data is transient or not - so what? A
> co-worker of mine frequently sends firewall configuration files to a
> customer. If something breaks, and his customer's network is compromised,
> he (or his boss if he decides to leave the company or if he is fired for
> some reason) will have to prove the data he sent last was errorless. Now
> go figure.

He would sign, but not encrypt, and he might use a different key IMHO.

Ulrich

Christian Meyn

Jan 12, 1998, 3:00:00 AM

>If a business allows their business critical data to be encrypted with
>unbreakable crypto, without the ability to recover that data if the one
>employee with the key walks in front of a bus tomorrow, then that business
>has a non-zero probability of being in really big trouble one of these days.
>
>I do not see how the business location has anything to do with how much
>trouble they will be in if they find one day that they cannot access their
>corporate personnel and/or payroll and/or tax records.

IMHO there is - as Lutz has pointed out - a significant difference between
storage of data (in which case a backup copy of the key is vital) and
communication (where privacy needs to be protected). You do not store
everything you send or receive. If you rely on electronic records, you can
simply use a different key for storage. On the other hand, if you implement
a CMR system, this opens the field for wide range wiretapping.

Christian


Paul Winalski

Jan 12, 1998, 3:00:00 AM

Lutz Donnerhacke wrote:
>
> If he uses a storage tool for business environments, it will prevent this
> scenario. If he uses a mailing tool for communication, it it fine.

What do you mean by the term "storage tool"? Or "mailing
tool", for that matter?

Also, your last sentence doesn't parse. When you said
"it it fine", what did you mean to say?

--PSW

Lutz Donnerhacke

Jan 12, 1998, 3:00:00 AM

* Paul Winalski wrote:
>Lutz Donnerhacke wrote:
>> If he uses a storage tool for business environments, it will prevent this
>> scenario. If he uses a mailing tool for communication, it it fine.
>
>What do you mean by the term "storage tool"? Or "mailing
>tool", for that matter?

Software used for sending email and software used for storing secret data.

>Also, your last sentence doesn't parse. When you said
>"it it fine", what did you mean to say?

The scenario described in the deleted quote.

Anthony E. Greene

Jan 12, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 12 Jan 1998 15:49:06 +0100, "Christian Meyn"
<meynchri at uni-trier.de> wrote:

>>If a business allows their business critical data to be encrypted with
>>unbreakable crypto, without the ability to recover that data if the one
>>employee with the key walks in front of a bus tomorrow, then that business
>>has a non-zero probability of being in really big trouble one of these days.
>>
>>I do not see how the business location has anything to do with how much
>>trouble they will be in if they find one day that they cannot access their
>>corporate personnel and/or payroll and/or tax records.
>
>IMHO there is - as Lutz has pointed out - a significant difference between
>storage of data (in which case a backup copy of the key is vital) and
>communication (where privacy needs to be protected).

You are making the assumption that the data being communicated is owned by
the employee. If I pay someone to compose and deliver a letter, do I lose
my rights over that letter just because I hired someone else to compose and
deliver it? Of course not. That data is *mine* and I have every right to
recover it and read it at any point in the process.

This discussion is about *business data* not personal data.

PGP for Business Security is a *company* lock. If individuals chose to lock
their personal property with a company lock, they can't complain that the
company has access to their property.

Companies may choose to allow employees to share use of company locks. But
let's not lose sight of the fact that PGP for Business Security is a
*company* lock.

If employees don't like the idea that the company can open its own locks,
then like anyone else with property to protect they should buy their own
locks instead of using someone else's.


Tony

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


Lutz Donnerhacke

Jan 13, 1998, 3:00:00 AM

* Anthony E. Greene wrote:
>You are making the assumption that the data being communicated is owned by
>the employee. If I pay someone to compose and deliver a letter, do I lose
>my rights over that letter just because I hired someone else to compose and
>deliver it? Of course not. That data is *mine* and I have every right to
>recover it and read it at any point in the process.
>
>This discussion is about *business data* not personal data.

This is only true in the USA and surrounding countries.

David Howe

Jan 13, 1998, 3:00:00 AM

On Fri, 02 Jan 1998 21:25:48 GMT, anon...@anonymous.net (Justin D.
Paine (since the anon seems to bug people)) wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Fri, 2 Jan 1998 19:05:26 +0100 (MET), nob...@REPLAY.COM (Anonymous) wrote:
>
><snip>
>>
>>Only reliable PGP is PGP2.6.3i. Never use Windows based, commercial,
>>US-version etc. PGPs.
>>
>
>This is the stupidest thing I have ever heard. You are obviously on a crusade
>to spread disinformation about PGP.
>
I don't really like windows based stuff - too much happening in the
background out of your control - but this is a programmer's preference,
not a cryptographer's.
If you are sufficiently paranoid, then a dos command line version
*should* be marginally more secure than a windows gui. However, this
presumes that you boot from a boot disc you carry with you at all
times, that checksums the bios, that you compiled the source of 2.6.3i
yourself using a c compiler you also wrote yourself in hex bytes, that
you have used a debugger that you wrote yourself in hex bytes to check
your dos boot disk for hidden trapdoors etc etc etc.
In the "real" world, for an equal key size, both windows gui and dos
command line versions should be equally secure.

>Justin
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP for Business Security 5.5
                                    ^^^

Not happy about this thing though - but not my problem. In theory, if
ONE member of your organisation is caught doing something naughty,
then a law enforcement official could probably demand the company key
and decode ALL message traffic for everyone there.
I suppose that the benefits more than outweigh the risks though.

>Comment: SatCom, Inc. http://www.spacesat.com
>
>iQA/AwUBNK1bQ/gHQYBKSqYdEQII9QCfUmPbMMEEeissrTnlopDquLiDWQwAoLIi
>hb43qqdu2448RDIf02gBng0o
>=v5Uj
>-----END PGP SIGNATURE-----
>
>Justin D. Paine
>PGP Key Type: DSS/Diffie-Hellman Key ID: 0x4A4AA61D Size: 1024/2048
>Fingerprint: CC15 3F68 F325 2129 DDB7 3F71 F807 4180 4A4A A61D
>
>
>

__--== DHowe (is at) Tecsun.Demon.CoUk ==--__

Ron Heiby

Jan 13, 1998, 3:00:00 AM

lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
>>This discussion is about *business data* not personal data.
>
>This is only true in the USA and surrounding countries.

Good grief, Lutz! That's where PGP for Business Security is being sold!

--
Ron.

Lutz Donnerhacke

Jan 13, 1998, 3:00:00 AM

Do you have a quite good interpretation for the same active source in the
private edition?

Lindsay Mathieson

Jan 14, 1998, 3:00:00 AM

On 13 Jan 1998 07:40:46 GMT, lu...@taranis.iks-jena.de (Lutz
Donnerhacke) wrote:

>* Anthony E. Greene wrote:

>>[snip]


>>
>>This discussion is about *business data* not personal data.
>
>This is only true in the USA and surrounding countries.

? What does that mean ? Many other countries besides America have
business data, and they will want to encrypt & recover it as well.

Lutz Donnerhacke

Jan 14, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:
>>Do you have a quite good interpretation for the same active source in the
>>private edition?
>
>The private edition does not include a CMR option (yes, I know it will
>respond to a CMR key, but you cannot configure the software to force someone
>to use a CMR key, like the business edition does)

It's enough, isn't it?

Lutz Donnerhacke

Jan 14, 1998, 3:00:00 AM

* Harald Milz wrote:
>Lutz Donnerhacke (lu...@taranis.iks-jena.de) wrote:
>> Correct. Thats why every company developed methods to document the progress
>> without snooping every communication.
>
>Which companies have you been working for? Those I've seen didn't care and
>didn't have any processes to enforce documentation.

Which companies have you been working for? Did they still exist?

Lutz Donnerhacke

Jan 14, 1998, 3:00:00 AM

* Lindsay Mathieson wrote:
>>>This discussion is about *business data* not personal data.
>>
>>This is only true in the USA and surrounding countries.
>
>? What does that mean ? Many other countries besides America have
>business data, and they will want to encrypt & recover it as well.

It means, that business data in transit must not recoverable, despite
stored business data.

Lutz Donnerhacke

Jan 14, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:
>On 14 Jan 1998 17:42:06 GMT, lu...@taranis.iks-jena.de (Lutz Donnerhacke)
>Only for people who are too stupid to use a computer. You ALWAYS see that it
>wants to encrypt to the CMR key, and if you use 5.x for personal use, you can
>ALWAYS deselect the key.

So the policy enforcer will block and bounce your mail. You have to leave it
inside.

Ron Heiby

Jan 15, 1998, 3:00:00 AM

* Anthony E. Greene wrote:
>You are making the assumption that the data being communicated is owned by
>the employee. If I pay someone to compose and deliver a letter, do I lose
>my rights over that letter just because I hired someone else to compose and
>deliver it? Of course not. That data is *mine* and I have every right to
>recover it and read it at any point in the process.
>
>This discussion is about *business data* not personal data.

lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
>This is only true in the USA and surrounding countries.

I wrote:
>Good grief, Lutz! That's where PGP for Business Security is being sold!

lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
>Do you have a quite good interpretation for the same active source in the
>private edition?

Lutz, you seem to be confusing your conversation threads, here. Anthony
pointed out that the data being discussed belongs to the employer. You said
that this is only true in the USA (et al). I pointed out that that is where
the Business Security version is being sold. You bring up another version of
PGP.

Yes, the Personal Privacy version will encrypt to the CMR set up for
someone's key, if you encrypt a message to that person, and have the CMR key
in your keyring. Yes, I understand that you (unlike most people) are not
using a version of PGP that gives much/any warning about this at the time
you encrypt your message. So what?

If I decide to correspond with someone working for a company that has
enabled CMR, that person will probably warn me that this is the case. Even
if he/she does not, I can examine their key on my keyring and see whether it
has a CMR key. The vast majority of us do not have to do this, anyway, as we
see that CMR key (if it exists) in the popup showing the encryption keys
being used.

From earlier posts, it seems that you are not in the US/Canada. That means
that your version of PGP, if legally obtained, is based on the PGP source
that was exported in book form and scanned in. If you don't like the way the
CMR stuff is implemented in your copy, then change it and feed your changes
back to PGP, Inc. It's entirely within your control. Stop bitching about it
and change it if you don't like it.

--
Ron.
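
The check described in the post above, seeing which keys a message is actually encrypted to, can also be made on the message itself. The following is an added example, not code from this thread or from PGP: it reads the Public-Key Encrypted Session Key packets of an OpenPGP message (packet layout as in RFC 4880, assumed to apply to the message being examined) and reports recipients the sender did not intend. All function names, key IDs and the sample message are constructed for illustration.

```python
import base64

PKESK_TAG = 1  # Public-Key Encrypted Session Key packet: one per recipient key
ALGO_NAMES = {1: "RSA", 2: "RSA-encrypt", 16: "ElGamal", 18: "ECDH"}
HIDDEN = "0000000000000000"  # wildcard key ID: recipient deliberately not named


def dearmor(text):
    """Return the binary payload of an ASCII-armored block (CRC-24 not checked)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    try:
        start = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN PGP"))
        end = next(i for i, ln in enumerate(lines) if ln.startswith("-----END PGP"))
    except StopIteration:
        raise ValueError("no armored OpenPGP block found") from None
    body = lines[start + 1:end]
    if "" in body:                      # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    body = [ln for ln in body if ln and not ln.startswith("=")]  # drop CRC line
    return base64.b64decode("".join(body))


def iter_packets(data):
    """Yield (tag, body) for each packet, old- or new-format header."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("byte %d is not a packet header" % (pos - 1))
        if hdr & 0x40:                              # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:                                   # partial body: data packets only
                yield tag, data[pos:]
                return
        else:                                       # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                          # indeterminate: runs to the end
                yield tag, data[pos:]
                return
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def recipients(data):
    """List (key_id, algorithm) for every key the session key was encrypted to."""
    found = []
    for tag, body in iter_packets(data):
        if tag != PKESK_TAG:
            continue
        if len(body) < 10 or body[0] not in (2, 3):
            raise ValueError("unsupported session-key packet")
        key_id = body[1:9].hex().upper()
        found.append((key_id, ALGO_NAMES.get(body[9], "algo %d" % body[9])))
    return found


def unexpected_recipients(data, expected_ids):
    """Key IDs in the message that match none of the IDs the sender intended.

    expected_ids may be 32- or 64-bit hex IDs ("0x" optional). They must be the
    IDs of the *encryption* (sub)keys, since that is what the packet records.
    A hidden (all-zero) key ID is always reported.
    """
    wanted = [e.upper().replace("0X", "") for e in expected_ids]
    return [kid for kid, _ in recipients(data)
            if kid == HIDDEN or not any(kid.endswith(w) for w in wanted)]


def old_packet(tag, body):
    """Build an old-format packet with a one-octet length (constructed sample)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body


def pkesk(key_id_hex, algo=16):
    # version 3, 8-octet key ID, algorithm, then filler where the MPIs would be
    return old_packet(1, b"\x03" + bytes.fromhex(key_id_hex) + bytes([algo]) + b"\x00" * 20)


# Constructed sample: one intended recipient plus one additional recipient of
# the kind a CMR-enabled key would cause; key IDs and ciphertext are made up.
SAMPLE = (pkesk("AAAA0000BBBB0001") + pkesk("CCCC0000DDDD0002")
          + old_packet(9, b"\x5a" * 32))
SAMPLE_ARMORED = ("-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
                  + base64.b64encode(SAMPLE).decode()
                  + "\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for kid, algo in recipients(dearmor(SAMPLE_ARMORED)):
        print("encrypted to 0x%s (%s)" % (kid, algo))
    print("not expected:", unexpected_recipients(SAMPLE, ["0xBBBB0001"]))
```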

Ron Heiby

Jan 15, 1998, 3:00:00 AM

lu...@belenus.iks-jena.de (Lutz Donnerhacke) wrote:
>So the policy enforcer will block and bounce your mail. You have to leave it
>inside.

Yes. Like we've said before. You understand this just fine. If you want to
correspond with someone in this position, then tell them to get themselves a
personal Email address somewhere, rather than using their employer's
computer system for your personal private Email that you do not want the
employer to read.

--
Ron.

Ron Heiby

Jan 15, 1998, 3:00:00 AM

lu...@belenus.iks-jena.de (Lutz Donnerhacke) wrote:
>It means, that business data in transit must not recoverable, despite
>stored business data.

You are still really confused about this. Business data is business data,
whether it is in transit or stored somewhere. Either way, it is up to the
owner of that data, not the employee, as to how it is encrypted.

--
Ron.

Jumpin Jack Flash

Jan 15, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ron:

For whatever reason, nobody wants to mention the theft of company
information. This is the main reason that many companies won't use a
cryptographic system that doesn't allow them to recover their information.
The original files may have been deleted by a knowledgeable employee, and or
the ability to discover a theft of information which would, or could be,
disastrous to the company.

There needs to be privacy within the corporate structure, such as bathrooms,
but in the handling of company information I don't think that personnel
privacy applies. Whatever processes a company uses to handle information
must retain the ability for quality control, along with the ability to
secure information from all others, except as assigned to certain personnel,
information that could be damaging to a company in the case of loss. This
would include any process, among others, used in the production or
distribution of goods, and anything that relates to conducting business in
the open market place.

As an employee, all time and effort expended during the working day belongs
to the employer while in the working environment, and should be left at the
place of employment upon departure. An employee is paid to conduct the
business of the company.

These same legal applications protect the employee from home invasion, etc.
It's a two-edged sword.

Hay.......

Jumping Jack Flash
gif...@mindspring.com


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2
Comment: There is no gravity, the earth just sucks!

iQA/AwUBNL4cJ/uyFRtOy+yqEQLyGACg72gdZH0raObICoTAon7XpPD0GS0AoKbl
oa5OBjjVruB8MJuotvghdwFf
=wCr6
-----END PGP SIGNATURE-----


an...@unicorn.com

Jan 15, 1998, 3:00:00 AM

In article <34c0a2e1....@news.mcs.com>,

hei...@falkor.chi.il.us (Ron Heiby) wrote:
> You are still really confused about this. Business data is business data,
> whether it is in transit or stored somewhere. Either way, it is up to the
> owner of that data, not the employee, as to how it is encrypted.

Geez, I go off on vacation for a few weeks, and this thread is still
running when I get back, and people are still spouting the same
non-responses to the same questions.

"CMR is inept," "Companies have a right to read email," etc, etc.

Can I make a suggestion to break this loop? Pretend I'm CEO of Foo-Bah,
Inc, and I'm coming to you for an encryption solution for my company's
data; stored data, confidential internal communications, external orders,
confidential external communications, etc. Now explain to me how I would
use CMR for this purpose, and why I should prefer it to other
alternatives such as key escrow, centralised storage of plaintext email,
group keys, etc, etc.

Mark

(anti-spam header: send email replies to mark @ unicorn.com)


B. Vermo

Jan 15, 1998, 3:00:00 AM

In article <69dcgn$5...@news01.uni-trier.de>,
"Christian Meyn" <meynchri at uni-trier.de> wrote:
| ... You do not store
|everything you send or receive.

You do not?
Here, the law demands ten years archival storage of all non-verbal
communications to or from a company. You never know beforehand
what you might be required to prove in a court in five years. If you
cannot prove you actually sent something by email, you might lose
and possibly go bankrupt or even land in jail.


Ron Heiby

Jan 15, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

an...@unicorn.com wrote:
>Can I make a suggestion to break this loop? Pretend I'm CEO of Foo-Bah,
>Inc, and I'm coming to you for an encryption solution for my company's
>data; stored data, confidential internal communications, external orders,
>confidential external communications, etc. Now explain to me how I would
>use CMR for this purpose, and why I should prefer it to other
>alternatives such as key escrow, centralised storage of plaintext email,
>group keys, etc, etc.

I don't have much time right now to give a detailed answer to all this
again. However, a couple of quick points.

With the use of CMR, you can, if necessary, recover the plaintext of any
stored data, confidential internal communications, external orders,
confidential external communications, etc. If the person whose keys are used
to encrypt the data is unavailable, you go through your corporate procedures
to gain access to the data by using the CMR key.

CMR does not impose the kind of major key management headaches that key
escrow would impose. Further, a key escrow approach means that you *cannot*
allow your employees to send private, encrypted Email, even if you want to
let them, because their keys are in your possession.

Storing plaintext Email, AND ALL OTHER ENCRYPTED DOCUMENTS, WHETHER EMAILED
OR NOT, requires that the centralized store be protected *extremely* well.
Its backups must be protected *extremely* well. Anyone who gains physical
access to the room, including the operators and janitors, has potential
access to the company's most secret data. Further, exactly how do you get
that plaintext from your world-wide offices to the centralized server
without taking a chance on them being intercepted? Also, don't forget that
something this valuable must have an off-site disaster recovery backup,
including system and all data. And, that off-site center must have at least
as good security as the one at corporate headquarters.

BTW, I am not aware of anything to prevent you from having multiple CMRs,
set up on a group basis rather than a single one for the entire corporation.
That would seem to be the smart way of doing things, anyway.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

-----END PGP SIGNATURE-----

--
Ron.

Lutz Donnerhacke

Jan 17, 1998, 3:00:00 AM

* Harald Milz wrote:
>Aaaaargh. You sure mean "needs not be recoverable" and this is not
>true. Again, for example: I send an e-mail message to a customer,
>containing secret customer firewall configuration data, and I have to
>keep an exact copy of this very single e-mail to prove at a later time
>that it was not the content of this e-mail which broke the customer's
>firewall config if it breaks. Got it?

Sure, you need a recoverable storage of this data. You do not need a
recoverable communication channel.

>interested in my employees' private conversation (which they could hide
>using steganography if they liked) but I need access to their business
>conversation in such cases.

They should document those or store it recoverable. How do you try to access
deleted data?

>I am not interested in reading some 35KB posting originating from ccc.de.

But it would help you to understand the problem.

>I pretty much doubt the worldwide industry will allow a single government
>to force the usage of an encryption tool which encrypts to a government
>key. They have to keep their company secrets and will put pressure on such
>governments.

You should read the SAFE hearings. Especially the NSA guys.

Jumpin Jack Flash

Jan 17, 1998, 3:00:00 AM
to h.m...@seneca.muc.de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Harald:

Sorry, but on one point I have to disagree with you. It has been done
already in many industries through consent! An example is AT&T already
installed nationwide, and this includes several foreign countries, "a
switching system to allow the US Gov. to eavesdrop on all conversations
domestically and foreign." It uses a very sophisticated voice recognition
program that homes-in on words, and if what they deem an appropriate word is
said, it will record all conversations from that number, and the receiving
number until it is purposefully stopped.

You realize, I hope, that an intelligence agency does not have to have a
court order to tap a phone, and neither do the police. It just means that if
a court order has not been issued by a judge, the information that is
collected cannot be used in a court of law. Do not make the mistake and
construe this to mean that it cannot be used to catch you committing a
crime. The crime in itself is prima facie evidence, and stands on its own.

On the same basis, many of the so-called cryptographic producers, in this
country, have already escrowed keys for the Federal Gov. Maybe you haven't
noticed, when was the last time that you voted a law into effect?

Certain things have been deemed as a potential breach to security, and
dangerous to the nation, and because of this it's not a matter of choice as
to what becomes law in these matters. What makes you think a backdoor to PGP
is not being written right now by McAfee?? It's going to take a lot to
convince me otherwise, and I am X-NSA.

Hay.....

Jumpin Jack Flash


-----BEGIN PGP SIGNATURE-----
Version: PGP for Business Security 5.5.2
Comment: The main ingredient for strong encryption is privacy!

iQA/AwUBNMEgA/uyFRtOy+yqEQK2sgCdF9cCMW4DYxzCi0FVF+MWyaG+v3EAoK7K
rVvBIh9l0n6yL0VIOZeG+ptn
=iA66
-----END PGP SIGNATURE-----


Rene Laederach

Jan 18, 1998, 3:00:00 AM

Hello Justin!

Justin D. Paine (since the anon seems to bug people) typed this on Fri, 02
Jan 1998 21:25:48 GMT about 'Re: backdoor in pgp5.0i?':

JDPtastbp> > Only reliable PGP is PGP2.6.3i. Never use Windows based,
JDPtastbp> > commercial, US-version etc. PGPs.
JDPtastbp>
JDPtastbp> This is the stupidest thing I have ever heard. You are
JDPtastbp> obviously on a crusade to spread disinformation about PGP.

Windows-based is true, if you forget to wipe the temporary files.

--
FIDO: 2:301/133 & 135 | Member We're returning!
Internet mu...@snoop.alphanet.ch | Team AMIGA - the true avantgarde


an...@unicorn.com

Jan 19, 1998, 3:00:00 AM

In article <34bf64de...@news.mcs.com>,

hei...@falkor.chi.il.us (Ron Heiby) wrote:
> With the use of CMR, you can, if necessary, recover the plaintext of any
> stored data, confidential internal communications, external orders,
> confidential external communications, etc.

Yes, but how exactly would this work? Who would have access to what keys
to recover what data?

> If the person whose keys are used
> to encrypt the data is unavailable, you go through your corporate procedures
> to gain access to the data by using the CMR key.

But this was the original question; what kind of procedures would a
company have for this kind of access? Past threads have suggested
variations from company security snooping at will to CMR keys
secret-shared so that you'd need several of the highest-ranking people at
the company to access them. I've yet to see a good example of a CMR-based
system which doesn't have major problems.

> CMR does not impose the kind of major key management headaches that key
> escrow would impose.

In what way? Both require restricted access to a key management database.

> Further, a key escrow approach means that you *cannot*
> allow your employees to send private, encrypted Email, even if you want to
> let them, because their keys are in your posession.

Uh, sending it privately is simple; you don't have the keys *of the people
they're sending mail to* so you can't read any outgoing messages. This is
why such a system would have to store the plaintext instead. Sending
private email into the company wouldn't be possible, but this is where
you could have separate keys for company and confidential email, one
escrowed, one not.

> Storing plaintext Email, AND ALL OTHER ENCRYPTED DOCUMENTS, WHETHER EMAILED
> OR NOT, requires that the centralized store be protected *extremely* well.

Yes, but it can be stored on an encrypted partition whose passphrase is
known only to the appropriate people. That's more secure than having the
recovery information on every message you send; for a competitor to steal
the data they need access to the server and the key, whereas to recover
CMR messages they only need to steal the CMR key.

> Its backups must be protected *extremely* well. Anyone who gains physical
> access to the room, including the operators and janitors, have potential
> access to the company's most secret data.

Same for CMR keys. I don't think I was clear enough when I wrote the
original message; I was assuming that the data would be stored in an
encrypted form, just like the company's other stored data.

> Further, exactly how do you get
> that plaintext from your world-wide offices to the centralized server
> without taking a chance on them being intercepted?

You don't really need to; the idea in this case is to store important
data so that it can be resent if the message is lost. In this case it's
only being stored centrally on the company server because that's the
easiest way to do it. Each office can perform their own local storage
for as long as necessary; I assume old messages would be trashed every
few months.

an...@unicorn.com

Jan 19, 1998, 3:00:00 AM

In article <34BE1C33...@mindspring.com>,

Jumpin Jack Flash <gif...@mindspring.com> wrote:
> For what ever reason, nobody wants to mention the theft of company
> information. This is the main reason that many companies won't use a
> cryptographic system that doesn't allow them to recover their information.

So why would they use CMR, when PGP Inc employees have publicly stated
that you can prevent data recovery by putting garbage in the CMR field?
CMR does not guarantee corporate access to data, unlike key escrow or
centralised storage.

Lutz Donnerhacke

Jan 19, 1998, 3:00:00 AM

* an...@unicorn.com wrote:
>So why would they use CMR, when PGP Inc employees have publicly stated
>that you can prevent data recovery by putting garbage in the CMR field?
>CMR does not guarantee corporate access to data, unlike key escrow or
>centralised storage.

It's not true. The policy enforcer can check if there is garbage or a real
session key. It can also detect superencryption.

Ron Heiby

Jan 20, 1998, 3:00:00 AM

an...@unicorn.com wrote:
>In article <34bf64de...@news.mcs.com>,
> hei...@falkor.chi.il.us (Ron Heiby) wrote:
>> With the use of CMR, you can, if necessary, recover the plaintext of any
>> stored data, confidential internal communications, external orders,
>> confidential external communications, etc.
>
>Yes, but how exactly would this work? Who would have access to what keys
>to recover what data?

If you want a security system set up for your business, please contact me
via Email. I am sure that my consulting firm would be happy to help you.

>> CMR does not impose the kind of major key management headaches that key
>> escrow would impose.
>
>In what way? Both require restricted access to a key management database.

With CMR, there is a *very* small number of keys that almost never change.
This is a lot easier to manage than a large number of keys in a set that is
continually changing.

>Uh, sending it privately is simple; you don't have the keys *of the people
>they're sending mail to* so you can't read any outgoing messages.

Some businesses cannot tolerate the ability of their employees to use the
company computer and communications mechanisms to send personal Email.
Others can. For those that can, they can set up procedures in such a way
that it is allowed. For those that cannot, they can set up procedures in
such a way that it is not allowed.

>Yes, but it can be stored on an encrypted partition whose passphrase is

I believe that you have a naive view of how difficult managing a centralized
store of data is.

>> Further, exactly how do you get
>> that plaintext from your world-wide offices to the centralized server
>> without taking a chance on them being intercepted?
>
>You don't really need to; the idea in this case is to store important
>data so that it can be resent if the message is lost. In this case it's
>only being stored centrally on the company server because that's the
>easiest way to do it. Each office can perform their own local storage
>for as long as necessary; I assume old messages would be trashed every
>few months.

If you are going to be making simplifying assumptions like these, then there
are lots of possibilities available. You are assuming:

- I need the data only in case a message is lost.
- Because of this, I need the data for a relatively short period of time.
- I do not need to be concerned about data other than messages.
- Each office has the expertise and security to hold a large amount of
sensitive data on their own server.
- I do not need to archive the data indefinitely.

--
Ron.

an...@unicorn.com

Jan 21, 1998, 3:00:00 AM

In article <slrn6c6od...@belenus.iks-jena.de>,

lu...@belenus.iks-jena.de (Lutz Donnerhacke) wrote:
> It's not true. The policy enforcer can check if there is garbage or a real
> session key. It can also detect superencryption.

Is this ability documented somewhere? To validate the messages the
enforcer would require the CMR key to decrypt the messages. This would
invalidate numerous claims by the CMR-supporters of the difficulty of
stealing the key.

It also wouldn't work for stored data (I think this was the original line
of the thread) unless you have a program scanning the network for PGP
encrypted files and decrypting them.

an...@unicorn.com

Jan 21, 1998, 3:00:00 AM

In article <34c408dc...@news.mcs.com>,

hei...@falkor.chi.il.us (Ron Heiby) wrote:
> If you want a security system set up for your business, please contact me
> via Email. I am sure that my consulting firm would be happy to help you.

Uh, you see, this is the problem I have with CMR advocates... one minute
you're all talking about how wonderful CMR is, but the moment I ask how a
company would really, actually use it so that we can look at the security
implications, you turn tail and run. How are we supposed to decide
whether CMR is useful or a crock'o'shit without looking at how a CMR-ed
system would work? I'll assume it's snake-oil and advise anyone who asks
me to avoid PGP until I have some reason to believe otherwise.

> With CMR, there is a *very* small number of keys that almost never change.
> This is a lot easier to manage than a large number of keys in a set that is
> continually changing.

It's also a massive security hole if the keys almost never change; get
one of those keys and you can read a vast amount of the company's mail.
At least if someone steals an escrowed key they can only read one user's
mail.

> Some businesses cannot tolerate the ability of their employees to use the
> company computer and communications mechanisms to send personal Email.

And this is entirely irrelevant to the point I was answering; you were,
if I remember correctly, talking about how key escrow would allow
companies to read outgoing mail, and I pointed out that it wouldn't allow
any such thing. You're now back onto the old "companies have a right to
read mail" business, which is completely irrelevant.

> I believe that you have a naive view of how difficult managing a centralized
> store of data is.

It's a lot easier than using CMR to retrieve important messages from mail
spools, or from sent-mail folders on machines all over the company. Much
better to have one secure server. You need somewhere to store your
important data!

> If you are going to be making simplifying assumptions like these, then there
> are lots of possibilities available. You are assuming:

My 'simplifying assumptions' were the original conditions that CMR was
claimed to meet; Corporate Message Recovery if an encrypted message was
lost or could not be read for some reason.

> - I need the data only in case a message is lost.

Of course you do; what other purpose does CMR serve? Are you storing
important data in mail-spools?

> - Because of this, I need the data for a relatively short period of time.
> - I do not need to be concerned about data other than messages.

Uh, no, because those are stored encrypted on local host or central
server, with escrowed keys if necessary. Why would you use public-key
encryption for data storage?

> - Each office has the expertise and security to hold a large amount of
> sensitive data on their own server.
> - I do not need to archive the data indefinitely.

These two are, of course, totally contradictory. How are you going to
archive your messages indefinitely if you don't have a secure server!

Lutz Donnerhacke

Jan 21, 1998, 3:00:00 AM

* an...@unicorn.com wrote:
>In article <slrn6c6od...@belenus.iks-jena.de>,
> lu...@belenus.iks-jena.de (Lutz Donnerhacke) wrote:
>> It's not true. The policy enforcer can check if there is garbage or a real
>> session key. It can also detect superencryption.
>
>Is this ability documented somewhere? To validate the messages the
>enforcer would require the CMR key to decrypt the messages. This would
>invalidate numerous claims by the CMR-supporters of the difficulty of
>stealing the key.

I don't know if and where it is documented. Of course without the CMR key it
can't be done.

B. Vermo

Jan 21, 1998, 3:00:00 AM

In article <34C1200E...@mindspring.com>,

Jumpin Jack Flash <gif...@mindspring.com> wrote:
|
|You realize, I hope, that an intelligence agency does not have to have
|a court order to tap a phone, and neither do the police. It just means
|that if a court order has not been issued by a judge, the information
|that is collected cannot be used in a court of law.

You realize, I hope, that this could lead to prosecution of the
police, intelligence operative or whatever in most democratic countries?
And that it would at the very least lead to heads rolling if not
actual prosecution and prison sentence?

Or that any sensible company will treat telephone lines as unsafe,
because they are likely to be tapped by criminal eavesdroppers?

No sensible executive will ever allow important information to be
sent on unencrypted channels, or by encryption software which is
not verifiably free of back doors of any kind. Nor will they accept
any encryption which could be compromised by a foreign government,
since they are likely to be involved in industrial espionage. And, to
be on the safe side, they might pay lip service to their own government
and accept key escrow but only after encrypting the message with
another, unbreakable method first. No government can prosecute for
this without admitting they had broken their own laws by using an
escrowed key for no good and legal reason.

On the other hand, nobody will allow company messages to be sent
with only an employee-private key, either. To have proof of what is
sent, the mail server will have to log the encrypted messages. You
can no more rely on individual storage of electronic correspondence
than you can get away with not using a journal for paper mail, with
every outbound letter entered and every incoming letter timestamped
and registered.


Ron Heiby

Jan 21, 1998, 3:00:00 AM

lu...@taranis.iks-jena.de (Lutz Donnerhacke) wrote:
>I don't know if and where it is documented. Of course without the CMR key it
>can't be done.

You do not need the CMR key to see that a message has apparently been
encrypted to that key. The key id of the keys to which the file is encrypted
can be known without decrypting, right?

Of course, someone can go in and screw with this, I suppose. If they did,
though, it would be pretty clear evidence of criminal intent. You couldn't
very well claim to have "accidentally" constructed a program that forged the
key id, right?

I would be *very* surprised if the CMR secret key were present on the
system.
--
Ron.
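
Added example, not part of any post in this thread and not PGP Inc.'s code: a Python reading of the check discussed above, listing the recipient key IDs from the public-key encrypted session key packets (RFC 4880 layout) without holding any secret key. The key IDs, packet bytes and helper names are constructed for illustration; the two sample messages show that a listed key ID with a well-shaped field looks the same to such a check whether or not the field really holds the session key.

```python
"""List recipient key IDs of an OpenPGP message without any secret key.

Packet layout per RFC 4880 (sections 3.2, 4.2, 5.1). All sample data below is
constructed for this example; the key IDs are not real keys.
"""
import struct

PKESK_TAG = 1  # Public-Key Encrypted Session Key packet


def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len None means 'not a fixed length'."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet at offset %d" % pos)
    if first & 0x40:  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        return tag, pos + 2, None  # partial body length (data packets only)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None  # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")


def mpis_well_formed(body):
    """True if body is one or more MPIs whose declared bit counts match their bytes."""
    pos, count = 0, 0
    while pos < len(body):
        if pos + 2 > len(body):
            return False
        bits = int.from_bytes(body[pos:pos + 2], "big")
        nbytes = (bits + 7) // 8
        value = body[pos + 2:pos + 2 + nbytes]
        if bits == 0 or len(value) != nbytes or value[0].bit_length() != (bits - 1) % 8 + 1:
            return False
        pos += 2 + nbytes
        count += 1
    return count > 0


def recipients(message):
    """Return [(key_id_hex, pubkey_algo, mpis_ok)] for each version-3 PKESK packet."""
    found, pos = [], 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if length is None:  # reached the encrypted data; PKESK packets precede it
            break
        body = message[start:start + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        if tag == PKESK_TAG and len(body) >= 10 and body[0] == 3:
            found.append((body[1:9].hex().upper(), body[9], mpis_well_formed(body[10:])))
        pos = start + length
    return found


def passes_header_check(message, required_key_id):
    """All a checker without the secret key can test: key ID listed, field shaped right."""
    return any(kid == required_key_id.upper() and ok for kid, _, ok in recipients(message))


# ---- constructed sample data ------------------------------------------------
def old_packet(tag, body):
    """Old-format packet with a two-octet length."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def pkesk(key_id_hex, field):
    """Version-3 PKESK, algorithm 1 (RSA), with `field` as the single MPI value."""
    mpi = struct.pack(">H", (len(field) - 1) * 8 + field[0].bit_length()) + field
    return old_packet(PKESK_TAG, b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + mpi)


RECIPIENT_ID = "1122334455667788"   # constructed key ID
CMR_ID = "A1B2C3D4E5F60718"         # constructed key ID standing in for a CMR key
DATA = old_packet(9, bytes(16))     # stand-in for the encrypted body
STAND_IN_ESK = bytes(range(1, 65))  # stands in for a genuine encrypted session key
FILLER = b"\x5a" * 64               # arbitrary bytes of the same shape

MSG_WITH_CMR = pkesk(RECIPIENT_ID, STAND_IN_ESK) + pkesk(CMR_ID, STAND_IN_ESK) + DATA
MSG_FILLER_CMR = pkesk(RECIPIENT_ID, STAND_IN_ESK) + pkesk(CMR_ID, FILLER) + DATA
MSG_NO_CMR = pkesk(RECIPIENT_ID, STAND_IN_ESK) + DATA

if __name__ == "__main__":
    for name, msg in [("with CMR", MSG_WITH_CMR), ("filler CMR", MSG_FILLER_CMR),
                      ("no CMR", MSG_NO_CMR)]:
        print(name, [r[0] for r in recipients(msg)], passes_header_check(msg, CMR_ID))
```

The first two messages are indistinguishable to this check; telling them apart requires decrypting the field with the secret key, which is the point argued over in the posts around it.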

Lutz Donnerhacke

Jan 21, 1998, 3:00:00 AM

* Ron Heiby wrote:
>Of course, someone can go in and screw with this, I suppose. If they did,
>though, it would be pretty clear evidence of criminal intent. You couldn't
>very well claim to have "accidentally" constructed a program that forged the
>key id, right?

No. My OpenPGP implementation forges the CMR key by intent. It also forges
such a session key for the MRK, that it will pass any test.

Ron Heiby

Jan 22, 1998, 3:00:00 AM

an...@unicorn.com wrote:
>In article <34c408dc...@news.mcs.com>,
> hei...@falkor.chi.il.us (Ron Heiby) wrote:
>> If you want a security system set up for your business, please contact me
>> via Email. I am sure that my consulting firm would be happy to help you.
>
>Uh, you see, this is the problem I have with CMR advocates... one minute
>you're all talking about how wonderful CMR is, but the moment I ask how a
>company would really, actually use it so that we can look at the security
>implications, you turn tail and run.

My company gets paid to do the kind of detailed work you asked for. I
offered to talk with you about how we could arrange for that to happen. This
is hardly a matter of "turn tail and run", unless it is on the part of he
who is not prepared to pay for what is a fairly significant effort.

>It's also a massive security hole if the keys almost never change; get
>one of those keys and you can read a vast amount of the company's mail.
>At least if someone steals an escrowed key they can only read one user's
>mail.

The way I view most CMR arrangements, the CMR key(s) would almost never
change, because they would almost never be used. If they are stuck away in
the corporate vault (plus backup elsewhere), with access strictly
controlled, then it does not need to be a "massive security hole". What
makes you think that if someone manages to steal a user's escrowed key that
they would be able to steal only one? Are you suggesting that we have
*multiple* locations for the escrowed user keys, one location per key? Talk
about logistical nightmares!

>> Some businesses cannot tolerate the ability of their employees to use the
>> company computer and communications mechanisms to send personal Email.
>
>And this is entirely irrelevant to the point I was answering; you were,
>if I remember correctly, talking about how key escrow would allow
>companies to read outgoing mail, and I pointed out that it wouldn't allow
>any such thing. You're now back onto the old "companies have a right to
>read mail" business, which is completely irrelevant.

No. I am saying that different companies have different needs. If a company
does not need to have access to all encrypted Email, there is nothing to
force them to establish procedures that would ensure that they had such
access with the PGP CMR system. Sure, you could set up a system with keyed
escrow that would allow private messages. But, you can also set up a system
with the CMR system that would allow private messages. If a business wants
to allow it, they can allow it. If a business does not want to allow it,
they can prevent it. Customer's choice.

>It's a lot easier than using CMR to retrieve important messages from mail
>spools, or from sent-mail folders on machines all over the company. Much
>better to have one secure server. You need somewhere to store your
>important data!

I am willing to agree to disagree on this point.

>> If you are going to be making simplifying assumptions like these, then there
>> are lots of possibilities available. You are assuming:
>
>My 'simplifying assumptions' were the original conditions that CMR was
>claimed to meet; Corporate Message Recovery if an encrypted message was
>lost or could not be read for some reason.

You do not understand why CMR exists.

>> - I need the data only in case a message is lost.
>
>Of course you do; what other purpose does CMR serve? Are you storing
>important data in mail-spools?

The main purpose CMR serves is if the PERSON is lost. I don't think that we
are really concerned here with the transient mail spool areas. We may be
interested in an archive of sent/received Email. We may also be interested
in encrypted files that have never seen the mail system.

>> - Because of this, I need the data for a relatively short period of time.
>> - I do not need to be concerned about data other than messages.
>
>Uh, no, because those are stored encrypted on local host or central
>server, with escrowed keys if necessary. Why would you use public-key
>encryption for data storage?

You are going back to wanting to escrow keys to solve your problems. I
continue to maintain that this causes more headaches than it causes. You
want to use a public-key encryption system to simplify key management. If
you are storing the data on a central server, the data must be encrypted
before transmission to that central server. If you are storing the data on a
local host, you must have the staff at the remote sites to support it. In
order to have backups of your critical data, you must still encrypt it for
backup purposes.

>> - Each office has the expertise and security to hold a large amount of
>> sensitive data on their own server.
>> - I do not need to archive the data indefinitely.
>
>These two are, of course, totally contradictory. How are you going to
>archive your messages indefinitely if you don't have a secure server!

You are not reading carefully. You are assuming that every office has the
expertise and security to maintain that secure server. Because you assume
that this is the case, you are willing to maintain your secure servers
scattered all over the globe. Although a CMR system allows you to do this,
it does not require it. If you have a salesperson with a secretary in an
office, with no other on-site support staff, how are you going to maintain
your secure server out there? With a CMR system, you can archive the
encrypted information, that traverses the internal network or Internet in
encrypted form, on a centralized server that is maintained by the expert
staff at that central site. That is where your secure server is located,
where the messages are stored indefinitely.

--
Ron.

Daniel Haude

Jan 22, 1998, 3:00:00 AM

On Thu, 22 Jan 1998 02:07:02 GMT,
Ron Heiby <hei...@falkor.chi.il.us> wrote:

> You are going back to wanting to escrow keys to solve your problems. I
> continue to maintain that this causes more headaches than it causes.

Now THAT really would be a hell of a headache!
(sorry, couldn't resist)

--Daniel


@caribbeanlink.com Leon McCalla

Jan 22, 1998, 3:00:00 AM

I'm inclined to believe that there are backdoors in the commercial PGP. PGP
was more or less suppressed for 20 years, then suddenly it's readily
available!!!! If there isn't a backdoor weakness, the gov't probably has a
huge file of all the prime numbers. Having a list of all the prime numbers
probably makes things a lot easier when trying to factor the key. Also I
read that a PGP cracking machine could be built with something like
5,000,000 processors running in parallel. These custom-made processors would
do nothing other than crack, for a cost of about 5 Billion.

Maybe I'm paranoid but 5 billion is nothing to pay if you can decode every
secret on the planet.

Anthony E. Greene

Jan 23, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 22 Jan 1998 19:04:57 -0500, "Leon McCalla"
<leon @ caribbeanlink.com> wrote:

>I'm inclined to believe that there are backdoors in the commercial PGP.

Fine. The complete source for the platform-independent and Win95/NT
versions of PGP 5.5x is at <http://www.pgpi.com/>. It includes the source
for the business version.

I'm from Missouri. Show Me.

Tony
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3i
Comment: What is PGP? <http://www.pobox.com/~agreene/pgp/>

iQCdAwUBNMfcF0RUP9V4zUMpAQGMVQQ5AWliQ+xHGGNND+6JRFuoY2tejFWlaSbi
cZC886If2vS6aV8sZT8b5fm4ncnCDjOBvCBGgIt1qv4/Yw6c9/O4HmjCCqnvhoDJ
nFxN1QN/DacQVAoa/zhOmUb0bSdAKi5EyscUdESbbV6Ck6dudqPA9syXH+f5Sgsb
xQrOVh+iZW9Zvz6UOISN6w==
=4Ezs
-----END PGP SIGNATURE-----


P.S. PGPFreeware 5.5x users will not be able to verify this
signature, although I can verify theirs. Get PGPfreeware 5.0/5.0i
or PGP 5.5x w/RSA and be compatible with *all* other PGP users.
-------------------------------------------------------------
Anthony E. Greene <NoS...@pobox.com> NoSpam=agreene
Use PGP -- Envelopes and Signatures for Email
What is PGP? <http://www.pobox.com/~agreene/pgp/>
My PGP Key: <http://www.pobox.com/~agreene/pgp/agreene.key>
FREEWARE Win95 PGP 5.0: <http://web.mit.edu/network/pgp.html>
-------------------------------------------------------------

Lutz Donnerhacke

Jan 23, 1998, 3:00:00 AM

* Justin D. Paine (since the anon seems to bug people) wrote:
>Why do you insist on generalizing?

Sorry.

>1. Slander PGP Inc. for making a version useful to the business community.
>(apparently a streak of socialism runs deep in your persona)
>
>2. Slander the US and its capitalist form of government/commerce.

No, I try to understand what motivates PGP Inc.

Anthony E. Greene

Jan 23, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On 23 Jan 1998 07:42:48 GMT, lu...@taranis.iks-jena.de (Lutz Donnerhacke)
wrote:

>* Justin D. Paine (since the anon seems to bug people) wrote:
>>Why do you insist on generalizing?
>
>Sorry.
>
>>1. Slander PGP Inc. for making a version useful to the business
>>community.
>>(apparently a streak of socialism runs deep in your persona)

Justin, It's cultural. You have to understand Europeans to see where he's
coming from. I don't agree, but I understand.

>>2. Slander the US and its capitalist form of government/commerce.
>
>No, I try to understand what motivates PGP Inc.

There's no evidence in this newsgroup of you trying to understand the
motivation of PGP Inc. or of the companies that buy its software. You have
posted lots of criticism, but no attempts at understanding.

If you have a problem with companies who snoop on employees, then you
should criticize those companies for snooping. Instead, you criticize PGP
Inc.

Do you also criticize companies that make binoculars? They can be used to
snoop on people in their homes, where they have an undeniable right to
privacy. But you don't criticize binocular makers, do you? That's because
there are legitimate uses for binoculars that don't have anything to do
with snooping. What about kitchen knives? Do you criticize their makers for
making something that can be used to kill?

There are also legitimate uses for CMR that don't have anything to do with
snooping. If you have a problem with companies using recovery tools to
snoop, then don't criticize the makers of the recovery tools, criticize the
companies that misuse those tools.

If you persist in criticizing the makers of recovery tools, you should
start a thread about the MS-DOS UNDELETE utility and the better tools
available from Norton and others. Any of these can recover data that may
have been deleted for privacy reasons. So you may as well start criticizing
them too. But you won't, will you? You seem to be angry at PGP Inc.
specifically. If you won't criticize all these other recovery tools, then
it becomes obvious that your point is not about recovery and snooping, but
about PGP Inc.

CMR is not a snoop tool, any more than a kitchen knife is a killing tool.
Either can be misused. You should spend more time criticizing those that
misuse tools and less time criticizing those that make them.


Tony
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3i
Comment: What is PGP? <http://www.pobox.com/~agreene/pgp/>

iQCdAwUBNMh1QkRUP9V4zUMpAQFkgQQ6Av2fMIRhyBRfOZ7V7KmecfQB1qiPWWHe
UOwxdRnxD/Ki0RhWwcdNaW4D/lcLxSnA5t1WM7jtohyYAAixkYJXKDwmM9AXPOLx
1n817I5LzGUI1rOExYfEBx+vbD/WdOOGOBOyteGBHquZleCFA4epeH0XZJ3s/TVG
krQRn0RYdBxiXYGkvyKoFA==
=OvE0

Lutz Donnerhacke

Jan 23, 1998, 3:00:00 AM

* Anthony E. Greene wrote:
>There's no evidence in this newsgroup of you trying to understand the
>motivation of PGP Inc. or of the companies that buy its software. You have
>posted lots of criticism, but no attempts at understanding.
>
>If you have a problem with companies who snoop on employees, then you
>should criticize those companies for snooping. Instead, you criticize PGP
>Inc.

Snooping PGP (called PGP5) causes a lot of trouble in European ministries of
interior. They use it as a proof that email snooping is possible. ... I do
not only criticise ... please have a look at OpenPGP.

>There are also legitimate uses for CMR that don't have anything to do with
>snooping. If you have a problem with companies using recovery tools to
>snoop, then don't criticize the makers of the recovery tools, criticize the
>companies that misuse those tools.

Recovery is a local problem. There is no need for communication recovery
besides snooping.


G. J. Greetan

Jan 23, 1998, 3:00:00 AM

If you believe they have a huge list of the prime numbers used, then why
don't you examine the code yourself, and see if any such option exists.
You will find that the numbers chosen are completely random... Jeez,
even when the code is available for public review, people still come up
with half-baked conspiracy theories.

The place with this huge computer you talk of is probably what is housed
in Area 51. The black helicopters are there to keep the place secure
from infiltration, while David Rockefeller reads everyone's encrypted
e-mail. I'm sure this sort of thing will appear on a future X-Files
episode...perhaps you can get royalties.

--
*----------------------------------------------------------------------*
G. J. Greetan
ICQ - 5156282 / AOL Instant Messenger - Merlin XIV

[DO NOT use the "reply" option -- use the link below] <== Read it again!
mailto:%20me...@netnet.net

PGP for Personal Privacy 5.5
RSA Fingerprint: 56DE D22C FFE7 99D2 084C DBA6 5C17 C831
DH/DSS Fingerprint: 023D 6932 A364 7A19 03DB 9E19 6778 DAE6 DC54 79F7

Any key bearing my name, created before 11/24/97, is invalid.
Please disregard those keys.
*----------------------------------------------------------------------*

an...@unicorn.com

Jan 26, 1998, 3:00:00 AM

In article <34c63f15...@news.mcs.com>,

hei...@falkor.chi.il.us (Ron Heiby) wrote:
> You do not need the CMR key to see that a message has apparently been
> encrypted to that key. The key id of the keys to which the file is encrypted
> can be known without decrypting, right?

But that does you no good whatsoever if it hasn't actually been encrypted
to that key, and people have just followed PGP Inc's advice and put
garbage in the header.

> Of course, someone can go in and screw with this, I suppose. If they did,
> though, it would be pretty clear evidence of criminal intent.

*CRIMINAL* !?!?!? Since when has encryption been a criminal offence? It
might well be against the terms of your employment contract and hence a
sacking offence, but I'd like to see a law which would make it criminal.

And note, THIS IS WHAT PGP INC EMPLOYEES HAVE BEEN TELLING US TO DO IN
ORDER TO COMMUNICATE PRIVATELY WITH THOSE WORKING IN CMR CORPORATIONS.
Go and read the cypherpunks mailing list archives sometime.

an...@unicorn.com

Jan 26, 1998, 3:00:00 AM

In article <34c6a449...@news.mcs.com>,

hei...@falkor.chi.il.us (Ron Heiby) wrote:
> My company gets paid to do the kind of detailed work you asked for. I
> offered to talk with you about how we could arrange for that to happen.

I'm not asking for detailed work, I'm asking you, as one of the most
vocal advocates of CMR, for an explanation of how a company would
actually use it. CMR advocates try to persuade us that PGP Inc were
correct to incorporate CMR into their previously secure product, but
expect us to rely on hand waving when questioned. This is, after all, a
security newsgroup, and I would hope that most people are aware that it's
the security of the entire system that matters, not the security of an
individual algorithm.

> This
> is hardly a matter of "turn tail and run", unless it is on the part of he
> who is not prepared to pay for what is a fairly significant effort.

It would take no longer than writing most Usenet posts to give an example
of who'd keep keys, which messages would be encrypted with CMR, etc, etc.

> The way I view most CMR arrangements, the CMR key(s) would almost never
> change, because they would almost never be used.

For encryption or decryption?

> If they are stuck away in
> the corporate vault (plus backup elsewhere), with access strictly
> controlled, then it does not need to be a "massive security hole".

But it's also not very useful. What happens when I forget my passphrase
and need the CMR key to retrieve all my encrypted files? Will this be
refused because the key is too valuable to use? As Adam Back has pointed
out in the past, in this case you're going to have to hunt out all the
files I've encrypted in the past, decrypt them with the CMR key and then
reencrypt with my new key. With key escrow, this is a breeze.

> What
> makes you think that if someone manages to steal a user's escrowed key that
> they would be able to steal only one?

Because the keys have to come out of that secure storage sometime. You
can make the storage very secure; secret-shared between various company
executives. But once the key is available, anyone with access can
potentially copy it. If it's an escrowed key then you only lose that
single key, if it's a master CMR key you lose every single message you
ever sent over the Net.

A secret-shared key which has never been used is almost certainly still
secure. A single use renders it potentially insecure. This is a common
and well-accepted objection to Clipper; why wouldn't it apply to PGP?

You could argue that when a dumb user forgets their passphrase all the
backup tapes, archives, floppy disks etc would be brought to a central
data recovery facility and the company executives would perform the
recovery themselves, but I consider it far more likely that some
overworked sysadmin would end up with the key on a floppy disk and trying
to fit in recovery between their other tasks.

> Are you suggesting that we have
> *multiple* locations for the escrowed user keys, one location per key?

You don't need multiple locations for each key if they're secret-shared,
and you don't have to be as concerned about people copying the key if
it's a short-lived personal key rather than an incredibly valuable CMR
master key; the latter could well be worth billions of dollars, the
former probably thousands.

> But, you can also set up a system
> with the CMR system that would allow private messages. If a business wants
> to allow it, they can allow it. If a business does not want to allow it,
> they can prevent it. Customer's choice.

That's not the question: the question is, is it secure? I would strongly
suggest that a system with a single master-key is inherently insecure.

> You do not understand why CMR exists.

No, because different advocates here keep saying different things. I'm
not sure that even PGP Inc understand why it exists, except as a fancy
acronym for their press-releases.

> The main purpose CMR serves is if the PERSON is lost. I don't think that we
> are really concerned here with the transient mail spool areas.

Then why are you using it to encrypt that mail? Even if you are going to
use CMR, why not just use it for the saved copy of the outgoing mail? Why
add a security hole when you don't need it?

> We may be
> interested in an archive of sent/received Email.

As above.

[I'm afraid that your reply was so long that DejaNews cropped the article
when I replied to it.]

Anthony E. Greene

Jan 26, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 26 Jan 1998 10:01:19 -0600, an...@unicorn.com wrote:

>That's not the question: the question is, is it secure? I would strongly
>suggest that a system with a single master-key is inherently insecure.

Who said anything about single master keys? The implementations I've heard
seriously discussed involved multiple CMR keys for different parts of the
organization. Why do you consistently assume that the people implementing
CMR are stupid? Of course they won't implement a "single point of failure"
system.

This whole argument would make a lot more sense if you started with the
assumption that CMR will be implemented in the most intelligent fashion
possible. Then pick holes in that "best of breed" implementation.

When you start by making assumptions that are based on bad decisions, we
spend a lot of time on the pros and cons of the assumptions you've made and
less on the pros and cons of CMR vs Escrow.

Tony

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3i
Comment: What is PGP? <http://www.pobox.com/~agreene/pgp/>


Ron Heiby

Jan 26, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

an...@unicorn.com wrote:
>I'm not asking for detailed work, I'm asking you, as one of the most
>vocal advocates of CMR, for an explanation of how a company would
>actually use it.

OK, that's different from what I thought you were saying, "how exactly
would this work? Who would have access to what keys to recover what
data?". I didn't realize that I was a "vocal advocate of CMR". I
thought that I was just pointing out errors in the postings of those
who are bitching at PGP for adding a feature that many companies need
to have.

First, the disclaimer: Every company is different. Every company's
needs are different. The following scenario is a very simple one which
may not be appropriate to your specific situation. Contact a
professional for a customized solution that matches your specific
problems.

Let's say that we have a small consultancy. The firm is controlled by
two people. They might construct a single CMR key. Each would secure a
copy of this key, separately, in such a way that it could be retrieved
by them or by their successor in the company. A third person, an
employee of the company, is doing work with a client that requires
encrypted communications. As part of the contract with the client, the
client agrees to the encryption methods, including the use of the
consultancy's CMR key. Public keys for the consultancy's CMR key and
the consultancy employee (and probably those of the owners) assigned
to the client are provided by the consultancy to the client. Public
keys for the client employees (and their CMR key, if any) are provided
by the client to the consultancy. With such a small company, they are
not using software to enforce the use of the CMR key. Instead, they
are relying on their consulting contract with the client and on their
employment contracts with their employees. On an occasional, random
basis, the owners of the consultancy get a copy of an encrypted
message and check it to ensure that the CMR key is being used and,
perhaps, that it can be used to decrypt the message. If the non-owner
employee quits or dies, either of the consultancy's owners can recover
all of the data that has passed, encrypted, between the consultancy
and the client.

>> The way I view most CMR arrangements, the CMR key(s) would almost
>> never change, because they would almost never be used.
>
>For encryption or decryption?

The CMR key would never be used for encryption. It would be used for
decryption in limited circumstances, depending on the needs of the
company. I can see these circumstances as including:

- Testing the CMR system
- Recovering company data in the absence of the employee
- Verifying that company confidential data is not being
inappropriately distributed by an employee via encrypted Email
- Responding to legal process

>But it's also not very useful. What happens when I forget my passphrase
>and need the CMR key to retrieve all my encrypted files? Will this be
>refused because the key is too valuable to use?

I do not believe that CMR is necessarily a good solution to the
problem of people forgetting their passphrases. I believe that it is
inappropriate for a company to allow an employee to encrypt company
files to a single key. In our example above, the employee might be
under instructions to include the keys of one or more of the owners,
when encrypting files or messages of particular long-term value.

>As Adam Back has pointed
>out in the past, in this case you're going to have to hunt out all the
>files I've encrypted in the past, decrypt them with the CMR key and then
>reencrypt with my new key. With key escrow, this is a breeze.

You do not have to go get every such file. You need to get only those
that are actually needed right now. I may have many megabytes of
information related to a client for whom work was done two years ago.
If I forget my passphrase, do I need to immediately go and re-encrypt
all of that? No. I need to recover only what I need to recover. I know
that the CMR key will allow me to recover the rest if/when it becomes
needed.

I have little doubt that in this scenario, which I do not believe to be
realistic, key escrow would be easier. I do not believe that it
is worth the problems of key escrow, though.

>Because the keys have to come out of that secure storage sometime. You
>can make the storage very secure; secret-shared between various company
>executives. But once the key is available, anyone with access can
>potentially copy it. If it's an escrowed key then you only lose that
>single key, if it's a master CMR key you lose every single message you
>ever sent over the Net.

I do not think that you will "lose" anything. There is no doubt that
the CMR key would have to be carefully protected. In my example small
company, either of the two owners retrieves and uses the CMR key as
necessary, then returns the CMR key to its secure location.

>> The main purpose CMR serves is if the PERSON is lost. I don't think that we
>> are really concerned here with the transient mail spool areas.
>
>Then why are you using it to encrypt that mail? Even if you are going to
>use CMR, why not just use it for the saved copy of the outgoing mail? Why
>add a security hole when you don't need it?

I never suggested that it be used with the transient mail spool areas.
You did, when you asked, "Are you storing important data in
mail-spools?". I think that for *outgoing* Email, it might be
reasonable to say that the saved copy in the user's save-box is the
only one that gets the CMR key on it. On the other hand, that would
pretty much destroy the ability to detect company secrets being
Emailed out in encrypted form. Also, it would require that the Email
software be modified to save something other than what was sent -- a
rather odd proposition, in my opinion. Also, this does not address the
issue of *incoming* Email. If the owner needs to recover a piece of
Email that has arrived from the client, what then? Are you suggesting
that the user's Email client software be configured to decrypt and
re-encrypt with the CMR key, before saving the Email? What if the
encrypted message is sitting in the user's in-box when he/she is hit
by the bus?

>[I'm afraid that your reply was so long that DejaNews cropped the article
>when I replied to it.]

I'm afraid that I do not understand what DejaNews has to do with
anything. Are you asking for shorter replies? I can only suggest that
you use software that does not crop long-ish articles.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

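The spot check described in the post above (the owners pulling an encrypted message and confirming that the CMR key was used), as an added example that is not part of the original thread or PGP's own code: it lists the recipient key IDs carried in a binary OpenPGP message's Public-Key Encrypted Session Key packets. The key IDs and sample messages are constructed, and a listed key ID only shows that a packet names the key; confirming that the session key really was encrypted to it takes a trial decryption with the CMR private key.

```python
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880, section 5.1)
def read_packet(data, pos):
    """Return (tag, body, next_pos) for the OpenPGP packet starting at pos."""
    hdr = data[pos]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    pos += 1
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial body lengths are not handled here")
    else:  # old-format header
        tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if size == 8:  # length type 3: body runs to the end of the input
            return tag, data[pos:], len(data)
        length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
    if pos + length > len(data):
        raise ValueError("truncated packet")
    return tag, data[pos:pos + length], pos + length

def recipient_key_ids(message):
    """Key IDs named by the PKESK packets that precede the encrypted data."""
    ids, pos = [], 0
    while pos < len(message):
        tag, body, pos = read_packet(message, pos)
        if tag != PKESK_TAG:
            break  # reached the encrypted data packet
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported PKESK packet")
        ids.append(body[1:9].hex().upper())
    return ids

def names_cmr_key(message, cmr_key_id):
    return cmr_key_id.upper() in recipient_key_ids(message)

# Constructed sample data: the key IDs and the ciphertext bytes are made up.
EMPLOYEE_ID, CMR_ID = "1111222233334444", "AAAABBBBCCCCDDDD"
def _pkt(tag, body):  # old-format header with a two-octet length
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body
def _pkesk(key_id):  # version 3, key ID, algorithm 1 (RSA), one dummy MPI
    return _pkt(1, b"\x03" + bytes.fromhex(key_id) + b"\x01\x00\x08\xff")
WITH_CMR = _pkesk(EMPLOYEE_ID) + _pkesk(CMR_ID) + _pkt(9, bytes(16))
WITHOUT_CMR = _pkesk(EMPLOYEE_ID) + _pkt(9, bytes(16))
```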

Ron Heiby

Jan 27, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

an...@unicorn.com wrote:
>But that does you no good whatsoever if it hasn't actually been encrypted
>to that key, and people have just followed PGP Inc's advice and put
>garbage in the header.

I feel sorry for anyone from PGP Inc. that advises people to violate their
employers' conditions of employment. It seems to me that such advice would
open them to liability when the person following such advice gets fired for
following it.

>*CRIMINAL* !?!?!? Since when has encryption been a criminal offence? It
>might well be against the terms of your employment contract and hence a
>sacking offence, but I'd like to see a law which would make it criminal.

Encryption is not a criminal offence. Theft of corporate intellectual
property is. Theft of the corporation's computing resources is.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

