On Tue, 28 Nov 1995, Adam Hupp wrote:
Can you imagine?? I'm simply not willing to fool myself into thinking that I ahve security by posting a key and using PGP.
Unless you can post some proof that PGP is insecure, stop insisting it is.
PGP is really not the issue. The issue is more my security and the environment that I use PGP in. I don't have a trusted machine to run PGP on. Anyone who wants to can come up to machine and copy my secret keyring or they can even watch me typing my password in.
So, I don't fool myself, and I don't use PGP, except for things like exchanging a one-time pad with someone when I've already sent the message out across another delivery mechanism, like on a floppy delivered my courier.
Alice de 'nonymous ...
You're a bonehead. On the one hand, you FAIL to stop or dramatically reduce claimed spoofings of your notes by using PGP (which would almost certainly work perfectly for this limited purpose) yet you claim that you'll only trust PGP in a limited scenario of courier-delivered data! Talk about "penny-wise and pound foolish"! Wake up, idiot! The purpose of encryption and signing and such is to REDUCE problems, ideally to zero but if not to some adequately small value. To fail to use signing when there is no ongoing problem is risky; to not use signing when there is a serious continuing problem is downright lunatic. That sets up an irresolvable contradiction: On the one hand, you're willing to tolerate a continuing problem, yet on the other you claim that your standards are so high that you won't use a system unless the probability of security essentially precludes a loss of security. Now can you see why we're laughing?