DaveNet: Monday, October 6, 1997; by Dave Winer.

PGP on Message Recovery

From Helena Winkler, hwinkler@pgp.com, Director of Product Management, Pretty Good Privacy, Inc.

Pretty Good Privacy, Inc. (PGP) is committed to giving individuals and corporations the tools to allow them to protect their confidential and proprietary e-mail and digital assets. For almost two years we have been providing corporations the ability to recover their encrypted corporate data in the event of extraordinary circumstances, without the use of key escrow.

PGP is founded on the principle that privacy and data security are the right of the individual user and the corporation. PGP opposes providing back doors, and we vouch for our integrity by publishing our cryptographic source code for independent peer review. PGP also believes in disclosure to the user. Thus, when messages are encrypted to a Corporate Message Recovery key it is always performed with notification to the end users - both sender and recipients.

PGP provides products to corporations that allow them to protect their most valuable and confidential information from both internal and external threats. We believe corporations need to have control over their security policies, without government intervention, and we provide them with tools to make this possible.

Description of PGP's Corporate Message Recovery

Corporate Message Recovery is an optional tool that allows organizations to recover corporate assets in the event of extraordinary circumstances, without the use of key escrow. While organizations will not ordinarily perform the steps to recover data, there may be circumstances when it is necessary to recover an employee's corporate data, for example, if an employee is injured and out of work for some time. Users are always notified if PGP Corporate Message Recovery is in place.

PGP accomplishes this through the use of Corporate Message Recovery keys. These keys allow authorized individuals within the organization to decrypt messages that have been sent to or from people within the organization. PGP offers both an Incoming Message Recovery key and an Outgoing Message Recovery key. An organization may optionally choose to enforce their policy of Corporate Message Recovery through use of the PGP Policy Management Agent for SMTP.

To prevent unauthorized message recovery, organizations should enforce a policy that a minimum of two people should be required to utilize the Corporate Message Recovery keys.

Incoming Message Recovery causes data encrypted to people in an organization to also be encrypted to the Incoming Message Recovery key. When users generate their keys, their keys contain a pointer to the Incoming Message Recovery key. When messages and files are encrypted, the PGP user software encrypts to the recipients' keys and to the Incoming Message Recovery key. The sender is always notified upon encryption that the message will additionally be encrypted to a Corporate Message Recovery key. If the organization specifies "Enforce Message Recovery", the user can then determine if the message should be sent. If the organization has not specified "Enforce Message Recovery", the sender can optionally remove the Corporate Message Recovery key. Incoming Message Recovery keys can be only Diffie-Hellman keys.

Outgoing Message Recovery causes encrypted mail sent from people in an organization to also be encrypted to the Outgoing Message Recovery key. If the organization specifies "Enforce Message Recovery", all outgoing encrypted mail must be encrypted to the Outgoing Message Recovery key. If the organization has not specified "Enforce Message Recovery", the sender can optionally remove the Corporate Message Recovery key. Outgoing Message Recovery keys can be either RSA or Diffie-Hellman keys.

PGP provides these tools to its customers for use within their environment, but does not pre-configure or require the implementation of these features. Whenever messages are encrypted to a Corporate Message Recovery key, it is always performed with notification to the end users - both sender and recipients.
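
The recipient-selection rules described in the statement above, modeled as an added Python example (not PGP's code and not part of the original statement). The `Key` fields, function names, sample key IDs, and the choice to refuse removal of an enforced key by raising an exception are assumptions for illustration; no real cryptography is performed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Key:
    key_id: str                                 # constructed sample IDs, not real keys
    algo: str                                   # "DH" or "RSA"
    incoming_recovery: Optional["Key"] = None   # pointer carried in the user's key
    enforce: bool = False                       # org's "Enforce Message Recovery" setting

def resolve_targets(recipients, outgoing=None, outgoing_enforced=False, removed=()):
    """Return (key IDs the message is encrypted to, notices shown to the sender)."""
    targets, notices = [], []

    def add_recovery(key, enforced, kind):
        if kind == "incoming" and key.algo != "DH":
            raise ValueError("incoming recovery keys can only be Diffie-Hellman")
        if key.key_id in removed:
            if enforced:  # sender may decline to send, but may not strip the key
                raise PermissionError(f"{kind} recovery key {key.key_id} is enforced")
            notices.append(f"{kind} recovery key {key.key_id} removed by sender")
        elif key.key_id not in targets:
            targets.append(key.key_id)
            notices.append(f"also encrypting to {kind} recovery key {key.key_id}")

    for r in recipients:
        if r.key_id not in targets:
            targets.append(r.key_id)
        if r.incoming_recovery is not None:
            add_recovery(r.incoming_recovery, r.enforce, "incoming")
    if outgoing is not None:
        add_recovery(outgoing, outgoing_enforced, "outgoing")
    return targets, notices

def missing_recovery_keys(targets, required):
    """Gateway-style check: required recovery key IDs absent from a message."""
    return [k for k in required if k not in targets]

# Constructed sample keys for two hypothetical organizations.
ACME_IN = Key("ACME-IN", "DH")
ALICE = Key("ALICE", "DH", incoming_recovery=ACME_IN, enforce=True)
BOB = Key("BOB", "RSA")                    # no recovery pointer in this key
INITECH_OUT = Key("INITECH-OUT", "RSA")    # sender's outgoing recovery key

if __name__ == "__main__":
    targets, notices = resolve_targets([ALICE, BOB], outgoing=INITECH_OUT)
    print(targets)
    print(*notices, sep="\n")
```
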


This page was last built on Mon, Oct 6, 1997 at 10:18:29 AM with Frontier. Internet service provided by Conxion. © copyright 1997 Dave Winer.