Ugly question
John A. Martin
jam at jamux.com
Mon Jan 25 14:32:39 CET 1999
>>>>> "Rat" == Stainless Steel Rat
>>>>> "Re: [comp.security.pgp.announce,alt.security.pgp] Announcement: Release 2.1 of CTC is available"
>>>>> 25 Jan 1999 12:55:45 -0500
Rat> CTC is striving for compatability with PGP; GPG is striving
Rat> for OpenPGP.
Hmm... gpg strives for interoperability with pgp, including pgp5+.
Some implementations of pgp5+ do GAK/CAK (Big Brother Inside aka
Network Associates Key Recovery), right?
Does a gpg user, or any user, know whether a pgp5+ public key
corresponds to a private key that is subject to GAK/CAK. If these
properties are unknowable then should gpg give a warning when it sees
a key that does not look like it is rfc2440 compliant?
Will rfc2440 (sec 5.2.3.20) split-key and group-key flags permit an
indication to the user when they are about to use such a key,
especially a public key corresponding to such a split or shared
private key? How do we know whether the key flags can be trusted?
Or do we now need to know not only that a UserID corresponds to a key
but that the key is not split or shared?
Maybe there is nothing new here, but it seems a mess, no?
jam
More information about the Gnupg-devel
mailing list