Ugly question

John A. Martin jam at jamux.com
Mon Jan 25 14:32:39 CET 1999


>>>>> "Rat" == Stainless Steel Rat
>>>>> "Re: [comp.security.pgp.announce,alt.security.pgp] Announcement: Release 2.1 of CTC is available"
>>>>>  25 Jan 1999 12:55:45 -0500

    Rat> CTC is striving for compatability with PGP; GPG is striving
    Rat> for OpenPGP.

Hmm... gpg strives for interoperability with pgp, including pgp5+.
Some implementations of pgp5+ do GAK/CAK (Big Brother Inside aka
Network Associates Key Recovery), right?

Does a gpg user, or any user, know whether a pgp5+ public key
corresponds to a private key that is subject to GAK/CAK.  If these
properties are unknowable then should gpg give a warning when it sees
a key that does not look like it is rfc2440 compliant?

Will rfc2440 (sec 5.2.3.20) split-key and group-key flags permit an
indication to the user when they are about to use such a key,
especially a public key corresponding to such a split or shared
private key?  How do we know whether the key flags can be trusted?

Or do we now need to know not only that a UserID corresponds to a key
but that the key is not split or shared?

Maybe there is nothing new here, but it seems a mess, no?

	jam




More information about the Gnupg-devel mailing list