James Black writes:
I am in a discussion (during the week) with a system administrator about seeing if we can just make PGP publicly available to everyone, but now the discussion seems to be to just allow PGP to do digital signatures, and I don't think that is the best choice, then. They are not against PGP being used, but there are legal issues as to whether they can offer it to everyone, as some students are international students, and are not allowed to use the version for the US, or so I have been informed, so now I need to see if we can have the international version, so these students can use it. :(
Actually, nothing in the ITAR says foreigners can't USE the U.S. version of PGP, just that you can't give them the software. However, I think it is a bad idea to make PGP available on a multiuser computer. It encourages a very, very bad habit -- that of using PGP on a multiuser computer....
What they are trying to do is make certain that no one can send a message to anyone, claim to be in the faculty, and cause problems that way.
But since you are using this software on a multiuser computer over likely insecure lines, or, even worse, over an insecure LAN, all you are going to do is make things even stickier when someone steals a key and starts pretending to be some faculty member anyway. Don't use public key software on untrusted hardware over insecure links. It's a BAD BAD BAD thing.

Perry