
In article <199602062336.PAA24566@infinity.c2.org> cmca@alpha.c2.org (Chris McAuliffe) writes:
Maybe some of you already know about this.
When reading PGP's "Only for your eyes" messages, the program creates a temporary file containing the plaintext in the directory where the cyphertext file is.
So, don't worry about this option, it's quite useless.
The manual points out that you shouldn't rely on it. Its main purpose is simply to prevent accidentally or automatically leaving the plaintext lying around, not to actually securely guarantee that behaviour. After all, you could always cut-and-paste the text, or (since you have the PGP source) alter PGP to ignore the flag.
I've gotten burned by this because it created a temp file over NFS. If I'd been able to read the message with my mail reader "pgp -f", I would not have disclosed the information. The for your eyes only option is more than useless, it's dangerous.
The real problem is not what it does, but what people *think* it might do.
I take that back. When I check the manual, it doesn't say that it is insecure. It really ought to. At least one of the books about PGP does, though; I know I've read it somewhere other than email.
David
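
An added example, not part of the original thread and not PGP's own code: going by the behaviour described above (the temporary plaintext is written in the directory that holds the ciphertext file), this Python check reports whether that directory sits on a network filesystem, so the message can be copied to local storage before decrypting. The function names, the constructed mount table and the use of the Linux `/proc/mounts` format are assumptions of the example.

```python
import os
import sys

# Filesystem types whose file contents cross the network (assumed, not exhaustive).
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "smbfs", "afs", "9p", "fuse.sshfs"}

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def parse_mounts(text):
    # Each line: device, mount point, fs type, options, dump, pass.
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            mounts.append((unescape(parts[1]), parts[2]))
    return mounts

def fs_type_for(path, mounts):
    # Longest matching mount point wins; on ties the later (overlaying) entry wins.
    path = os.path.normpath(path)
    best_len, best_type = -1, None
    for mount_point, fstype in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if (path == mount_point or path.startswith(prefix)) and len(mount_point) >= best_len:
            best_len, best_type = len(mount_point), fstype
    return best_type

def plaintext_leaves_host(ciphertext_path, mounts):
    # True if a temp file written beside the ciphertext would go over the network.
    directory = os.path.dirname(os.path.normpath(ciphertext_path))
    return fs_type_for(directory, mounts) in NETWORK_FS

# Constructed sample mount table (not taken from any real system).
SAMPLE_MOUNTS = r"""/dev/sda1 / ext4 rw 0 0
tmpfs /tmp tmpfs rw 0 0
fileserver:/export/home /home nfs rw 0 0
/dev/sdb1 /home/local\040scratch ext4 rw 0 0
"""

if __name__ == "__main__" and len(sys.argv) == 2:
    with open("/proc/mounts") as handle:
        live = parse_mounts(handle.read())
    target = os.path.realpath(sys.argv[1])  # resolve symlinks before matching
    if plaintext_leaves_host(target, live):
        print("WARNING: %s is on a network filesystem; decrypt a local copy" % target)
        sys.exit(1)
    print("%s is on local storage (%s)" % (target, fs_type_for(os.path.dirname(target), live)))
```

The check only covers where the temporary file lands; it says nothing about swap, backups or a copy the reader makes afterwards.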