lists.cpunks.org

Re:

Brian B. Riley

17 Dec 2003
11:17 p.m.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/12/97 1:31 AM, Anonymous (nobody@REPLAY.COM) passed this wisdom:

[snip]

...

Now think about this: You're Joe Random Govt. Worker at the official secret key repository, and there's a budget crisis going on - instead of paychecks, you're getting I.O.U.'s. Your terminal has access to thousands, perhaps millions, of secret keys. You grab one of CitiBank's, forge a few transactions, and 30 seconds later your Swiss bank account is a few million dollars fatter and according to the digital signature, the transaction originated in L.A..

Please correct me if I am wrong, but could not a GAK backdoor be written that will simply permit decryption only of the ciphertext and not encryption? Would not this prevent this from happening? Don't get me wrong. It scares the hell out of me too, but maybe, in addition to the various things Tim has suggested, we might also consider how to make the GAK as secure as can be to minimize its potential for disaster.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNBnRQcdZgC62U/gIEQK+qACfSPjDLBIKmN4AgvEU6nBPmKKF+94AnR6T
4ZV9vbLb7vCpaaKGZA1mPTmH
=MbPr
-----END PGP SIGNATURE-----

Brian B. Riley --> http://www.macconnect.com/~brianbr
For PGP Keys - Send Email Subject "Get PGP Key"
"The only thing necessary for evil to triumph, is for good men to stand by and do nothing" Edmund Burke
