At 15:24 2/20/96, Ed Carp wrote:
On Wed, 21 Feb 1996, Tim Philp wrote:
The issue that I have not seen you address is one that has been brought up by several posters to this thread. This issue has to do with the fact that if you generate all of the keys (or whatever) what is to stop someone from offering one of your employees a LARGE bribe to cough up the keys?
Not to mention GAK. No bribe needed - just a "suit" showing up with what
The threat is mote. IPG generates the keys. Therefore, their system is insecure from the user's point of view. This is just about as fundamental of a security flaw as you are ever going to find. Let's not waste our time on IPG (what a misnomer) any longer. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.