Right now, it is a complete pain in the ass for me to encrypt or sign messages using PGP. The reason is because I have my email account on one of CSU's unix machines, so I have to do my posting there, while my PGP stuff lives on my PC in my apartment. Usually, I check my mail and read news by calling CSUNet over my modem, but if I want to encrypt, decrypt, sign or check the signature of a message, I have to zmodem the message to my machine, log off, decrypt or check the message while offline (or at least shelled into DOS), type up a reply, manually encrypt it and finally get back into my term program and zmodem the reply back up to CSUNet and mail it. I don't really want to run PGP on CSUNet, since I don't trust their machines like I trust mine, but I am thinking about doing that and generating a key which I would be willing to use for less secure stuff. Anyone here have any other suggestions on making encryption less of a pain?

Doug
| Doug Holland                       | Proud member of:
| holland@beethoven.cs.colostate.edu | Mathematicians Against Drunk Deriving
| Finger for PGP 2.2 key             |
According to douglas craig holland:
Right now, it is a complete pain in the ass for me to encrypt or sign messages using PGP. The reason is because I have my email account on one of CSU's unix machines, so I have to do my posting there, while my PGP stuff lives on my PC in my apartment. Usually, I check my mail and read news by calling CSUNet over my modem, but if I want to encrypt, decrypt, sign or check the signature of a message, I have to zmodem the message to my machine, log off, decrypt or check the message while offline (or at least shelled into DOS), type up a reply, manually encrypt it and finally get back into my term program and zmodem the reply back up to CSUNet and mail it. I don't really want to run PGP on CSUNet, since I don't trust their machines like I trust mine, but I am thinking about doing that and generating a key which I would be willing to use for less secure stuff. Anyone here have any other suggestions on making encryption less of a pain?
If you happen to use 4dos and telix on your pc at home, I have some (imho) nice tools which make it easy to encrypt... For a taste of what I mean, try my menu.btm menu program for pgp under 4dos. If you like it, you can look at my (as yet unreleased) mail program. Lagers.
J. Michael Diehl ;^)     |*The 2nd Amendment is there in case the
mdiehl@triton.unm.edu    | Government forgets about the 1st! <RL>
Mike.Diehl@f29.n301.z1   |*God is a good Physicist, and an even
    .fidonet.org         | better Mathematician. <Me>
al945@cwns9.ins.cwru.edu |*I'm just looking for the opportunity to
(505) 299-2282 (voice)   | be Politically Incorrect! <Me>
Can we impeach him yet?  |*Protected by 18 USC 2511 and 18 USC 2703.
I wouldn't mind seeing some script files and the like. You just gave me an idea, that is if I could figure out the script languages for Emacs, Elm, as well as Qmodem. It would be nice if I could automate the encryption/decryption/signature process.

Doug
| Doug Holland                       | Proud member of:
| holland@beethoven.cs.colostate.edu | Mathematicians Against Drunk Deriving
| Finger for PGP 2.2 key             |
From: douglas craig holland <holland@CS.ColoState.EDU>

[...] I don't really want to run PGP on CSUNet, since I don't trust their machines like I trust mine, but I am thinking about doing that and generating a key which I would be willing to use for less secure stuff. Anyone here have any other suggestions on making encryption less of a pain?
In short, I suggest doing what you are thinking about: use two keys, a high security key, and a low security key signed by the high one. Use a low security key signed by a high security one. Change the low security key every so often. Keep the low security key under a pass phrase unrelated to the one you use for the high security key, and don't ever even store the high security key on the multi-user system. Then use some package (like my pgpmail.el) which connects your multi-user system's mail program to pgp. Sign your posts and casual mail with the low security key, and if/when it is compromised you will be able to issue convincing key change notices using the high security key. Naturally you should get other folks to sign your high security key, not the low one. That's what I do.

j'
--
O I am Jay Prime Positive jpp@markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com
-----BEGIN PGP SIGNED MESSAGE-----
In short, I suggest doing what you are thinking about: use two keys, a high security key, and a low security key signed by the high one.
[ explanation of method deleted ]
That's what I do.
j'
--
O I am Jay Prime Positive jpp@markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com
I like this method you mentioned of using two keys, one on the public machine, and one more secure at home or whatever. I meant to comment on this before...I'm not sure about the "detached" signature, though. What if someone created a detached signature, adds it to their header, and the last thing that happens is that their mailer appends their .signature to the end of the message. The only way seems to be to say, "Incorporate the detached signature mechanism into whatever program you're using so that it's the last thing that happens. This includes things like mailx, elm, and inews." Not everyone could probably comply with this (especially some who work for corporations that add a corporate signature to messages after it's left the user's hands).

- -pc
____________________________________________________________
Philip Kizer ___ Texas A&M CIS Operating Systems Group, Unix fnord pckizer@tamu.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLNE/87ZspOMRmJBhAQG1iQP/bAdjFL+OYzYJCNgvjB/0+eW+yA5ym/NY
6JrJkGjOKgjYMJ+fZFItcxgfiRUlFs+1X+N5j51P5r78XOVK20v5La2BP5CftOmj
bLsb8Lg0hjCLtPbZWcywvPjAmA03fp3/gtFGr1rygTWGTy8cUlbRJS6FGcc0/uqZ
o35s9zrul10=
=X9yf
-----END PGP SIGNATURE-----
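
The two-key arrangement jpp describes, together with the ordering problem Philip Kizer raises, as an added example that is not part of any poster's message. Toy textbook RSA stands in for PGP signatures, and the keys, function names and notice format are all assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA over known Mersenne primes, no padding: a stand-in for PGP
# signatures so the trust logic runs offline. Constructed keys, NOT secure.
def make_key(p, q, e=65537):
    return {"pub": (p * q, e), "d": pow(e, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    n, _ = key["pub"]
    return pow(_digest(data, n), key["d"], n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def certify(high, low_pub):
    """High-security key signs the low-security public key (done at home)."""
    return sign(high, repr(low_pub).encode())

def key_change_notice(high, old_pub, new_pub):
    """Notice retiring old_pub in favour of new_pub, signed by the high key."""
    return old_pub, new_pub, sign(high, repr((old_pub, new_pub)).encode())

def apply_notice(high_pub, notice, retired):
    """Retire the old low key only if the high key really signed the notice."""
    old_pub, new_pub, sig = notice
    if not verify(high_pub, repr((old_pub, new_pub)).encode(), sig):
        return False
    retired.add(old_pub)
    return True

def send(low, text, dot_signature=b""):
    """Sign last: the mailer's .signature is appended before signing."""
    final = text + dot_signature
    return final, sign(low, final)

def check_mail(high_pub, low_pub, cert, retired, body, sig):
    """Reader-side check of a message signed with the low-security key."""
    if not verify(high_pub, repr(low_pub).encode(), cert):
        return "low key not certified"
    if low_pub in retired:
        return "low key retired"
    return "ok" if verify(low_pub, body, sig) else "bad signature"

HIGH = make_key(2**107 - 1, 2**127 - 1)  # never stored on the multi-user host
LOW = make_key(2**61 - 1, 2**89 - 1)     # used for posts and casual mail
LOW2 = make_key(2**19 - 1, 2**31 - 1)    # replacement after a key change
```

A footer appended to the body after `send` has returned makes `check_mail` report "bad signature", and a key change notice signed with the low key instead of the high key is rejected by `apply_notice`.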