From: "Timothy C. May" <tcmay@netcom.com> Date: Wed, 24 Aug 1994 01:37:39 -0700 (PDT) What is being missed here is the issue of where the PGP operations are being done. If done on a machine outside the direct control of the user, obvious security holes exist. I don't suppose that you'd care to describe a situation with absolutely no security holes, would you? If not, can we conclude that any attempt to do anything related to security is, in your opinion, silly? What's wrong with the following approach: - Try to control what you can control. - Try to recognize what you cannot control. - Try to reduce the second set in favor of the first. Using PGP on Unix systems where you are not root *does* have a place in this framework. Rick