Question about backdoors

[Ryan Malayter]

[kgriffi at siue.edu]
> I'm currently on break in a security class where someone has 
> mentioned the backdoor NAI put in PGP.  Since Gnupg is open 
> source can/does something like this exist?
> 

Huh? Backdoor in NAI PGP? I don't think so.

Unless you're referring to the coporate key escrow features, which can
be set up to require all users to encrypt to a master coporate key as
well as the recipeints. But this is something businesses must decide to
use on their own, and turn on for the copies of NAI PGP installed on the
company's computer. Since the corporate key is kept be each company that
chooses to implement it, and there is no "central" key that can decrypt
everyone's email, it can hardly be seen as a "back door". 

It's a feature, pure and simple. One that makes PGP more attractive to
companies that want to be able to recover old messages after employees
leave, and comply with government regulations that require the archiving
of all coreespondence for many years. (Such archival regulations are
only really strict in financial services secor in the U.S., but exist
for many different industries in Europe and Asia).

It sounds like you have an underinformed member of the tin-foil-hat
crowd in your class.

	-Ryan-